Add krb5_db_register_keytab

Resolves: #1376812
2016-09-19 16:18:41 +00:00 · 2016-09-19 16:18:41 +00:00 · 4f5955da72
commit 4f5955da72
parent 3e13029eb0
2 changed files with 76 additions and 1 deletions
--- a/krb5-1.15-krb5_db_register_keytab.patch
+++ b/krb5-1.15-krb5_db_register_keytab.patch
@ -0,0 +1,69 @@
 From c9136272512a6158d77e74035d52869443403a10 Mon Sep 17 00:00:00 2001
 From: Andreas Schneider <asn@samba.org>
 Date: Wed, 7 Sep 2016 18:33:43 +0200
 Subject: [PATCH] Add krb5_db_register_keytab()
 Add a public libkdb5 function to register the KDB keytab type.  This
 functionality is needed for out-of-tree KDC servers such as the Samba
 kpasswd service.
 [ghudson@mit.edu: edited comments, whitespace, commit message]
 ticket: 8494 (new)
 (cherry picked from commit 2e99582062d9d6a70f2adb00fd8fe58a1f95b9b7)
 ---
 src/include/kdb.h           | 7 +++++++
 src/lib/kdb/keytab.c        | 6 ++++++
 src/lib/kdb/libkdb5.exports | 1 +
 3 files changed, 14 insertions(+)
 diff --git a/src/include/kdb.h b/src/include/kdb.h
 index 9d3bf9d..048327c 100644
 --- a/src/include/kdb.h
 +++ b/src/include/kdb.h
@@ -797,6 +797,13 @@ krb5_dbe_free_strings(krb5_context, krb5_string_attr *, int count);
 void
 krb5_dbe_free_string(krb5_context, char *);
 +/*
 + * Register the KDB keytab type, allowing "KDB:" to be used as a keytab name.
 + * For this type to work, the context used for keytab operations must have an
 + * associated database handle (via krb5_db_open()).
 + */
 +krb5_error_code krb5_db_register_keytab(krb5_context context);
 +
 #define KRB5_KDB_DEF_FLAGS      0
 #define KDB_MAX_DB_NAME                 128
 diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
 index b85b67d..c6aa100 100644
 --- a/src/lib/kdb/keytab.c
 +++ b/src/lib/kdb/keytab.c
@@ -66,6 +66,12 @@ typedef struct krb5_ktkdb_data {
 } krb5_ktkdb_data;
 krb5_error_code
 +krb5_db_register_keytab(krb5_context context)
 +{
 +    return krb5_kt_register(context, &krb5_kt_kdb_ops);
 +}
 +
 +krb5_error_code
 krb5_ktkdb_resolve(context, name, id)
     krb5_context          context;
     const char          * name;
 diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
 index cb4c3df..e5d1045 100644
 --- a/src/lib/kdb/libkdb5.exports
 +++ b/src/lib/kdb/libkdb5.exports
@@ -85,6 +85,7 @@ krb5_db_delete_policy
 krb5_db_free_policy
 krb5_def_store_mkey_list
 krb5_db_promote
 +krb5_db_register_keytab
 ulog_add_update
 ulog_init_header
 ulog_map
 -- 
 2.9.3
--- a/krb5.spec
+++ b/krb5.spec
@ -13,7 +13,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.14.3
-Release: 8%{?dist}
+Release: 9%{?dist}
 # - Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
 # - The sources below are stored in a lookaside cache. Upload with
@ -71,6 +71,7 @@ Patch169: krb5-1.15-kdc-error-encrypted-timestamp.patch
 Patch170: krb5-1.14.4-samba-client-mutual-flag.patch
 Patch171: krb5-1.14.4-responder-non-preauth.patch
 Patch172: krb5-1.15-krb5_db_register_keytab.patch
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -287,6 +288,7 @@ ln NOTICE LICENSE
 %patch170 -p1 -b .samba-client-mutual-flag
 %patch171 -p1 -b .responder-non-preauth
 %patch172 -p1 -b .krb5_db_register_keytab
 # Take the execute bit off of documentation.
 chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@ -756,6 +758,10 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 %changelog
 * Mon Sep 19 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.3-9
 - Add krb5_db_register_keytab
 - Resolves: #1376812
 * Mon Aug 29 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.3-8
 - Use responder for non-preauth AS requests
 - Resolves: #1370622