rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

New upstream release - 1.15.1

Browse Source
This commit is contained in:
Robbie Harwood 2017-03-04 00:34:46 +00:00
parent 9ce824b289
commit 2a20da0e2a
19 changed files with 25 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -148,3 +148,6 @@ krb5-1.8.3-pdf.tar.gz
/krb5-1.15-pdfs.tar
/krb5-1.15.tar.gz
/krb5-1.15.tar.gz.asc
/krb5-1.15.1-pdfs.tar
/krb5-1.15.1.tar.gz
/krb5-1.15.1.tar.gz.asc

80
Add-free_principal_e_data-KDB-method.patch
View File

@ -1,80 +0,0 @@
From f784c4726c4223108170fe7398601b8cc8c775c9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 18 Jan 2017 11:52:48 +0100
Subject: [PATCH] Add free_principal_e_data KDB method
Add an optional method to kdb_vftabl to free e_data pointer in a
principal entry, in case it was populated by a module using a more
complex structure than a single memory region.
[ghudson@mit.edu: handled minor version bump; simplified code; rewrote
commit message]
ticket: 8538
target_version: 1.15-next
tags: pullup
(cherry picked from commit 87d8d1c6da227ff9410413de39ee64e4566429e5)
---
src/include/kdb.h | 11 +++++++++++
src/lib/kdb/kdb5.c | 14 +++++++++++++-
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/include/kdb.h b/src/include/kdb.h
index e9d1a84ba..da04724fc 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -1382,6 +1382,17 @@ typedef struct _kdb_vftabl {
krb5_const_principal client,
const krb5_db_entry *server,
krb5_const_principal proxy);
+
+ /* End of minor version 0. */
+
+ /*
+ * Optional: Free the e_data pointer of a database entry. If this method
+ * is not implemented, the e_data pointer in principal entries will be
+ * freed with free() as seen by libkdb5.
+ */
+ void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
+
+ /* End of minor version 1 for major version 6. */
} kdb_vftabl;
#endif /* !defined(_WIN32) */
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index ee4127231..4adf0fcbb 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -323,6 +323,12 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
out->refresh_config = in->refresh_config;
out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+ /* Copy fields for minor version 1 (major version 6). */
+ assert(KRB5_KDB_DAL_MAJOR_VERSION == 6);
+ out->free_principal_e_data = NULL;
+ if (in->min_ver >= 1)
+ out->free_principal_e_data = in->free_principal_e_data;
+
/* Set defaults for optional fields. */
if (out->fetch_master_key == NULL)
out->fetch_master_key = krb5_db_def_fetch_mkey;
@@ -820,11 +826,17 @@ free_tl_data(krb5_tl_data *list)
void
krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry)
{
+ kdb_vftabl *v;
int i;
if (entry == NULL)
return;
- free(entry->e_data);
+ if (entry->e_data != NULL) {
+ if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL)
+ v->free_principal_e_data(kcontext, entry->e_data);
+ else
+ free(entry->e_data);
+ }
krb5_free_principal(kcontext, entry->princ);
free_tl_data(entry->tl_data);
for (i = 0; i < entry->n_key_data; i++)

2
Build-with-Werror-implicit-int-where-supported.patch
View File

@ -1,4 +1,4 @@
From 6c5c66b807cabaf71a56d1a630ea3b47344f81b4 Mon Sep 17 00:00:00 2001
From 8bab441cd8ac47721541aacf88349a9c027564b7 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 10 Nov 2016 13:20:49 -0500
Subject: [PATCH] Build with -Werror-implicit-int where supported

121
Explicitly-copy-KDB-vtable-fields.patch
View File

@ -1,121 +0,0 @@
From f6dce77d8f1606c3443f47517ef101a6f1978d69 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 18 Jan 2017 11:40:49 -0500
Subject: [PATCH] Explicitly copy KDB vtable fields
In preparation for bumping the kdb_vftabl minor version, use explicit
field assignments when copying the module vtable to the internal copy,
so that we can conditionalize assignments for minor versions greater
than 0.
ticket: 8538
(cherry picked from commit 50605efa5058583667227223a75ca44a512f4796)
---
src/lib/kdb/kdb5.c | 79 +++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 58 insertions(+), 21 deletions(-)
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index a3139a7dc..ee4127231 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -283,24 +283,63 @@ clean_n_exit:
}
static void
-kdb_setup_opt_functions(db_library lib)
+copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
{
- if (lib->vftabl.fetch_master_key == NULL)
- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
- if (lib->vftabl.fetch_master_key_list == NULL)
- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
- if (lib->vftabl.store_master_key_list == NULL)
- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
- if (lib->vftabl.dbe_search_enctype == NULL)
- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
- if (lib->vftabl.change_pwd == NULL)
- lib->vftabl.change_pwd = krb5_dbe_def_cpw;
- if (lib->vftabl.decrypt_key_data == NULL)
- lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data;
- if (lib->vftabl.encrypt_key_data == NULL)
- lib->vftabl.encrypt_key_data = krb5_dbe_def_encrypt_key_data;
- if (lib->vftabl.rename_principal == NULL)
- lib->vftabl.rename_principal = krb5_db_def_rename_principal;
+ /* Copy fields for minor version 0. */
+ out->maj_ver = in->maj_ver;
+ out->min_ver = in->min_ver;
+ out->init_library = in->init_library;
+ out->fini_library = in->fini_library;
+ out->init_module = in->init_module;
+ out->fini_module = in->fini_module;
+ out->create = in->create;
+ out->destroy = in->destroy;
+ out->get_age = in->get_age;
+ out->lock = in->lock;
+ out->unlock = in->unlock;
+ out->get_principal = in->get_principal;
+ out->put_principal = in->put_principal;
+ out->delete_principal = in->delete_principal;
+ out->rename_principal = in->rename_principal;
+ out->iterate = in->iterate;
+ out->create_policy = in->create_policy;
+ out->get_policy = in->get_policy;
+ out->put_policy = in->put_policy;
+ out->iter_policy = in->iter_policy;
+ out->delete_policy = in->delete_policy;
+ out->fetch_master_key = in->fetch_master_key;
+ out->fetch_master_key_list = in->fetch_master_key_list;
+ out->store_master_key_list = in->store_master_key_list;
+ out->dbe_search_enctype = in->dbe_search_enctype;
+ out->change_pwd = in->change_pwd;
+ out->promote_db = in->promote_db;
+ out->decrypt_key_data = in->decrypt_key_data;
+ out->encrypt_key_data = in->encrypt_key_data;
+ out->sign_authdata = in->sign_authdata;
+ out->check_transited_realms = in->check_transited_realms;
+ out->check_policy_as = in->check_policy_as;
+ out->check_policy_tgs = in->check_policy_tgs;
+ out->audit_as_req = in->audit_as_req;
+ out->refresh_config = in->refresh_config;
+ out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+
+ /* Set defaults for optional fields. */
+ if (out->fetch_master_key == NULL)
+ out->fetch_master_key = krb5_db_def_fetch_mkey;
+ if (out->fetch_master_key_list == NULL)
+ out->fetch_master_key_list = krb5_def_fetch_mkey_list;
+ if (out->store_master_key_list == NULL)
+ out->store_master_key_list = krb5_def_store_mkey_list;
+ if (out->dbe_search_enctype == NULL)
+ out->dbe_search_enctype = krb5_dbe_def_search_enctype;
+ if (out->change_pwd == NULL)
+ out->change_pwd = krb5_dbe_def_cpw;
+ if (out->decrypt_key_data == NULL)
+ out->decrypt_key_data = krb5_dbe_def_decrypt_key_data;
+ if (out->encrypt_key_data == NULL)
+ out->encrypt_key_data = krb5_dbe_def_encrypt_key_data;
+ if (out->rename_principal == NULL)
+ out->rename_principal = krb5_db_def_rename_principal;
}
#ifdef STATIC_PLUGINS
@@ -334,8 +373,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
return ENOMEM;
strlcpy(lib->name, lib_name, sizeof(lib->name));
- memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl));
- kdb_setup_opt_functions(lib);
+ copy_vtable(vftabl_addr, &lib->vftabl);
status = lib->vftabl.init_library();
if (status)
@@ -433,8 +471,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
goto clean_n_exit;
}
- memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
- kdb_setup_opt_functions(*lib);
+ copy_vtable(vftabl_addrs[0], &(*lib)->vftabl);
if ((status = (*lib)->vftabl.init_library()))
goto clean_n_exit;

2
Use-GSSAPI-fallback-skiptest.patch
View File

@ -1,4 +1,4 @@
From 487228e55146bfb258379dd60950bf2727921c92 Mon Sep 17 00:00:00 2001
From 99df255485ea60bd32e8fffc012348d1046693b2 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 1 Mar 2017 17:46:22 -0500
Subject: [PATCH] Use GSSAPI fallback skiptest

2
Use-fallback-realm-for-GSSAPI-ccache-selection.patch
View File

@ -1,4 +1,4 @@
From d903c706a378c521ae38d57d95e43fb10469b03f Mon Sep 17 00:00:00 2001
From 1f1dc3a88a5581e55d010eda16d8ef896009b2d0 Mon Sep 17 00:00:00 2001
From: Matt Rogers <mrogers@redhat.com>
Date: Fri, 10 Feb 2017 12:53:42 -0500
Subject: [PATCH] Use fallback realm for GSSAPI ccache selection

2
krb5-1.11-kpasswdtest.patch
View File

@ -1,4 +1,4 @@
From 0fb88f451f25c4bf923248c9e13dd79f658c743a Mon Sep 17 00:00:00 2001
From ab786ce6f599e3e2185b689dae73ea0922d7d744 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:52:01 -0400
Subject: [PATCH] krb5-1.11-kpasswdtest.patch

2
krb5-1.11-run_user_0.patch
View File

@ -1,4 +1,4 @@
From 308f3826d44ab9ee114fc7d1c4fb61e9005025ad Mon Sep 17 00:00:00 2001
From 7148ab604465801f1d73ebabf58f906073be0b10 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:49:57 -0400
Subject: [PATCH] krb5-1.11-run_user_0.patch

2
krb5-1.12-api.patch
View File

@ -1,4 +1,4 @@
From e08681c1315628c8202d103de09325ed4881d1a5 Mon Sep 17 00:00:00 2001
From 8ab8fd6039155f41218b2fe1eb39269b7910ff8f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:47:00 -0400
Subject: [PATCH] krb5-1.12-api.patch

2
krb5-1.12-ksu-path.patch
View File

@ -1,4 +1,4 @@
From 13918214c30b97aaef5d816a3d266be0ec13147e Mon Sep 17 00:00:00 2001
From d5f00c7819b307be9ed2ca4bf2ac9b273fc04c84 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:32:09 -0400
Subject: [PATCH] krb5-1.12-ksu-path.patch

2
krb5-1.12-ktany.patch
View File

@ -1,4 +1,4 @@
From e2f52b93c6a6257a76ac37d3c7d63ea3099dd89c Mon Sep 17 00:00:00 2001
From ea0aedf9770b3f8c6b640aaff8ddcbd5be3842d6 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:33:53 -0400
Subject: [PATCH] krb5-1.12-ktany.patch

2
krb5-1.12.1-pam.patch
View File

@ -1,4 +1,4 @@
From 977d51ce9a5bb37255e87db37353f0d70d6b293d Mon Sep 17 00:00:00 2001
From 461ae27581ad3b132b9b2d8c07777102fba015f3 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:29:58 -0400
Subject: [PATCH] krb5-1.12.1-pam.patch

2
krb5-1.13-dirsrv-accountlock.patch
View File

@ -1,4 +1,4 @@
From 0a33cb5ff8f80c62a652bc60860fad375ee58a85 Mon Sep 17 00:00:00 2001
From 7f75d00da9e4d6e9af1663f5b208e000f4ed5c62 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:47:44 -0400
Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch

2
krb5-1.15-beta1-buildconf.patch
View File

@ -1,4 +1,4 @@
From 302fdf788fe4d3895a9dcc0e86f98c09a34ea82a Mon Sep 17 00:00:00 2001
From 715dbc4d99494d028951058c3c21a1948f7697d1 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:45:26 -0400
Subject: [PATCH] krb5-1.15-beta1-buildconf.patch

2
krb5-1.15-beta1-selinux-label.patch
View File

@ -1,4 +1,4 @@
From a2e0aed3d390ded3a7724fa223a3dc1102ec6221 Mon Sep 17 00:00:00 2001
From 6d95fa032279ef3a53348243c9d0d4b9233761db Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:30:53 -0400
Subject: [PATCH] krb5-1.15-beta1-selinux-label.patch

2
krb5-1.3.1-dns.patch
View File

@ -1,4 +1,4 @@
From 285e023d996ed1a9dbe77239967b3f56ed2c8075 Mon Sep 17 00:00:00 2001
From f4ef24189140081b5f92132fe6b552029a1d7661 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:46:21 -0400
Subject: [PATCH] krb5-1.3.1-dns.patch

2
krb5-1.9-debuginfo.patch
View File

@ -1,4 +1,4 @@
From 792c6e3ce90f8cb374df41abbf3da1631d64045f Mon Sep 17 00:00:00 2001
From 460d36cea95033381a1f50dd387ce21447e7fb85 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 23 Aug 2016 16:49:25 -0400
Subject: [PATCH] krb5-1.9-debuginfo.patch

9
krb5.spec
View File

@ -16,9 +16,9 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.15
Version: 1.15.1
# for prerelease, should be e.g., 0.3.beta2%{?dist}
Release: 9%{?dist}
Release: 1%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@ -62,8 +62,6 @@ Patch9: krb5-1.9-debuginfo.patch
Patch10: krb5-1.11-run_user_0.patch
Patch11: krb5-1.11-kpasswdtest.patch
Patch12: Build-with-Werror-implicit-int-where-supported.patch
Patch13: Explicitly-copy-KDB-vtable-fields.patch
Patch14: Add-free_principal_e_data-KDB-method.patch
Patch15: Use-fallback-realm-for-GSSAPI-ccache-selection.patch
Patch16: Use-GSSAPI-fallback-skiptest.patch
@ -720,6 +718,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Fri Mar 03 2017 Robbie Harwood <rharwood@redhat.com> - 1.15.1-1
- New upstream release - 1.15.1
* Wed Mar 01 2017 Robbie Harwood <rharwood@redhat.com> - 1.15-9
- Patch build by disabling failing test; will fix properly soon

6
sources
View File

@ -1,3 +1,3 @@
fa2af49908afa204ab177fb997d8c17f krb5-1.15-pdfs.tar
cd43a3316ebbb86b2a9020b485b1a819 krb5-1.15.tar.gz
4c5c99f00e1bf19e5c1ae0957230a6e5 krb5-1.15.tar.gz.asc
SHA512 (krb5-1.15.1-pdfs.tar) = f014d5da5e4cc74a19d51df658f52c6ae2f6f64663b29342e81f81ddb6e734a44c452b3f0d02f90c43baeb0618438f8b264d4f68424b0d98300a9dbe59a28552
SHA512 (krb5-1.15.1.tar.gz) = 068b4c012722d8c232049d2a617f7ee28ceeaba6be94a78439e69e37b66cfdc49085641e42cfb03b2fbb72d21517b537e437061ec4dd2bf864f31e55e05fe918
SHA512 (krb5-1.15.1.tar.gz.asc) = 48d2b1382970d4117340fbfd82a88ecd9342aaddad3e06a26db2b5e4766654e2e4cda03a3af6803e463e6ddcfbfbb32323379d9ccc70561c3f296b406bfee905