Pass gss_localname() through SPNEGO

Robbie Harwood 2020-04-28 13:12:21 -04:00
parent 46d8c677ae
commit 19d5d2e504
2 changed files with 68 additions and 8 deletions


@ -0,0 +1,58 @@
From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 26 Apr 2020 19:55:54 -0400
Subject: [PATCH] Pass gss_localname() through SPNEGO
ticket: 8897 (new)
(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285)
---
src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++
src/lib/gssapi/spnego/spnego_mech.c | 9 ++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index a93763314..066ec736f 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
OM_uint32 *max_input_size
);
+OM_uint32 KRB5_CALLCONV spnego_gss_localname
+(
+ OM_uint32 *minor_status,
+ const gss_name_t pname,
+ const gss_const_OID mech_type,
+ gss_buffer_t localname
+);
+
OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
(
OM_uint32 *minor_status,
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 8e0c3a348..8d36a05e8 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
spnego_gss_inquire_context, /* gss_inquire_context */
NULL, /* gss_internal_release_oid */
spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */
- NULL, /* gssd_pname_to_uid */
+ spnego_gss_localname,
NULL, /* gss_userok */
NULL, /* gss_export_name */
spnego_gss_duplicate_name, /* gss_duplicate_name */
@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit(
return (ret);
}
+OM_uint32 KRB5_CALLCONV
+spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname,
+ const gss_const_OID mech_type, gss_buffer_t localname)
+{
+ return gss_localname(minor_status, pname, GSS_C_NO_OID, localname);
+}
+
OM_uint32 KRB5_CALLCONV
spnego_gss_get_mic(
OM_uint32 *minor_status,
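Review bot: In `spnego_gss_localname` (spnego_mech.c) the caller's `mech_type` is dropped and `GSS_C_NO_OID` is passed to `gss_localname()` instead, with no comment saying this is intended. The result is the local account name an authenticated principal maps to, so it feeds authorization decisions and the choice should be explained, for example `/* mech_type is deliberately ignored; the mechglue selects the mechanism from pname. */`. That rationale is presumed and should be confirmed against the mechglue's `gss_localname()`. The new `spnego_mechanism` entry also loses its slot comment where every neighbour has one; `spnego_gss_localname, /* gss_localname */` would keep the positional initializer easy to audit, since a pointer placed in the wrong slot may compile cleanly when the signatures are compatible. The table initializer starts and ends outside the hunk.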


@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 1%{?dist}
Release: 3%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
@ -56,6 +56,7 @@ Patch13: Add-finalization-safety-check-to-com_err.patch
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
Patch15: Correctly-import-service-GSS-host-based-name.patch
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@ -80,18 +81,13 @@ BuildRequires: iproute
BuildRequires: libverto-devel
BuildRequires: openldap-devel
BuildRequires: lmdb-devel
BuildRequires: nss_wrapper
BuildRequires: socket_wrapper
# Need KDFs. This is the backported version
BuildRequires: openssl-devel >= 1:1.1.1d-4
BuildRequires: openssl-devel < 1:3.0.0
%ifarch %{ix86} x86_64
BuildRequires: yasm
%endif
BuildRequires: nss_wrapper
BuildRequires: socket_wrapper
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
@ -633,6 +629,12 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Tue Apr 28 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-3
- Pass gss_localname() through SPNEGO
* Tue Apr 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18-1.1
- Drop yasm requirement since we don't use builtin crypto
* Tue Apr 14 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-1
- New upstream version (1.18.1)