Read GSS configuration files with mtime 0

There is at least one case (with flatpaks) where configuration files
in the special read-only /etc all have an mtime of 0.  Using an
initial last modified time of 0 in g_initialize.c causes these files
to never be read.

Change the initial high value to the be the "invalid" value
(time_t)-1.  Since the C and POSIX standards do not require time_t to
be signed, special-case the checks in load_if_changed() and
updateMechList() to treat all mod times as newer than -1.

Signed-off-by: Julien Rische <jrische@redhat.com>

Read-GSS-configuration-files-with-mtime-0.patch

@@ -0,0 +1,71 @@
+From f8747c22fd159ad3556fdf6ec4f269c754c1eadb Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 19 May 2022 12:27:40 -0400
+Subject: [PATCH] Read GSS configuration files with mtime 0
+
+There is at least one case (with flatpaks) where configuration files
+in the special read-only /etc all have an mtime of 0.  Using an
+initial last modified time of 0 in g_initialize.c causes these files
+to never be read.
+
+Change the initial high value to the be the "invalid" value
+(time_t)-1.  Since the C and POSIX standards do not require time_t to
+be signed, special-case the checks in load_if_changed() and
+updateMechList() to treat all mod times as newer than -1.
+
+[ghudson@mit.edu: edited commit message; slightly modified approach]
+
+ticket: 9060 (new)
+target_version: 1.20
+tags: pullup
+---
+ src/lib/gssapi/mechglue/g_initialize.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
+index 6d49700a5..857d4a4f2 100644
+--- a/src/lib/gssapi/mechglue/g_initialize.c
++++ b/src/lib/gssapi/mechglue/g_initialize.c
+@@ -93,7 +93,7 @@ static void free_mechSet(void);
+ static gss_mech_info g_mechList = NULL;
+ static gss_mech_info g_mechListTail = NULL;
+ static k5_mutex_t g_mechListLock = K5_MUTEX_PARTIAL_INITIALIZER;
+-static time_t g_confFileModTime = (time_t)0;
++static time_t g_confFileModTime = (time_t)-1;
+ static time_t g_confLastCall = (time_t)0;
+ 
+ static gss_OID_set_desc g_mechSet = { 0, NULL };
+@@ -469,9 +469,9 @@ load_if_changed(const char *pathname, time_t last, time_t *highest)
+ 	mtime = check_link_mtime(pathname, &mtime);
+ 	if (mtime == (time_t)-1)
+ 		return;
+-	if (mtime > *highest)
++	if (mtime > *highest || *highest == (time_t)-1)
+ 		*highest = mtime;
+-	if (mtime > last)
++	if (mtime > last || last == (time_t)-1)
+ 		loadConfigFile(pathname);
+ }
+ 
+@@ -482,7 +482,7 @@ static void
+ loadConfigFiles()
+ {
+ 	glob_t globbuf;
+-	time_t highest = 0, now;
++	time_t highest = (time_t)-1, now;
+ 	char **path;
+ 	const char *val;
+ 
+@@ -522,7 +522,8 @@ updateMechList(void)
+ 
+ #if defined(_WIN32)
+ 	time_t lastConfModTime = getRegConfigModTime(MECH_KEY);
+-	if (g_confFileModTime >= lastConfModTime)
++	if (g_confFileModTime >= lastConfModTime &&
++	    g_confFileModTime != (time_t)-1)
+ 		return;
+ 	g_confFileModTime = lastConfModTime;
+ 	loadConfigFromRegistry(HKEY_CURRENT_USER, MECH_KEY);
+-- 
+2.35.3
+

krb5.spec

@@ -100,6 +100,7 @@ Patch39: krb5-krad-larger-attrs.patch
 Patch40: Try-harder-to-avoid-password-change-replay-errors.patch
 Patch41: Add-configure-variable-for-default-PKCS-11-module.patch
 Patch42: downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch
+Patch43: Read-GSS-configuration-files-with-mtime-0.patch
 
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@@ -650,9 +651,10 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
-* Thu May 12 2022 Julien Rische <jrische@redhat.com> - 1.19.2-11
+* Wed Jun 15 2022 Julien Rische <jrische@redhat.com> - 1.19.2-11
 - Allow libkrad UDP/TCP connection to localhost in FIPS mode
 - Resolves: rhbz#2082189
+- Read GSS configuration files with mtime 0
 
 * Mon May  2 2022 Julien Rische <jrische@redhat.com> - 1.19.2-10
 - Use p11-kit as default PKCS11 module