From 6d42ba9cb1942d9a8f6d2025827f67b5e81d1637 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 9 Nov 2011 18:44:01 -0500 Subject: [PATCH] update for 1.10 --- ...d_tcp.patch => krb5-1.10-kpasswd_tcp.patch | 20 +- krb5-trunk-kpasswd_tcp2.patch | 233 ------------------ 2 files changed, 9 insertions(+), 244 deletions(-) rename krb5-1.8-kpasswd_tcp.patch => krb5-1.10-kpasswd_tcp.patch (61%) delete mode 100644 krb5-trunk-kpasswd_tcp2.patch diff --git a/krb5-1.8-kpasswd_tcp.patch b/krb5-1.10-kpasswd_tcp.patch similarity index 61% rename from krb5-1.8-kpasswd_tcp.patch rename to krb5-1.10-kpasswd_tcp.patch index 6cc611a..fd8da8e 100644 --- a/krb5-1.8-kpasswd_tcp.patch +++ b/krb5-1.10-kpasswd_tcp.patch @@ -1,14 +1,12 @@ Fall back to TCP on kdc-unresolvable/unreachable errors. We still have to wait for UDP to fail, so this might not be ideal. RT #5868. -diff -up krb5-1.8/src/lib/krb5/os/changepw.c.kpasswd_tcp krb5-1.8/src/lib/krb5/os/changepw.c ---- krb5-1.8/src/lib/krb5/os/changepw.c.kpasswd_tcp 2009-12-02 13:06:19.000000000 -0500 -+++ krb5-1.8/src/lib/krb5/os/changepw.c 2010-03-05 11:02:39.000000000 -0500 -@@ -270,11 +270,22 @@ change_set_password(krb5_context context - NULL, - NULL - ))) { -- +--- krb5/src/lib/krb5/os/changepw.c ++++ krb5/src/lib/krb5/os/changepw.c +@@ -270,10 +270,22 @@ change_set_password(krb5_context context + &callback_info, &chpw_rep, ss2sa(&remote_addr), + &addrlen, NULL, NULL, NULL); + if (code) { - /* - * Here we may want to switch to TCP on some errors. - * right? 
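Review bot: The description kept as context at the top of the renamed patch still reads "We still have to wait for UDP to fail, so this might not be ideal", but nothing records that this same commit deletes krb5-trunk-kpasswd_tcp2.patch, the variant whose own header says it covers a slow UDP server. The commit subject "update for 1.10" gives no reason for dropping it, so a later reader cannot tell whether the slow-UDP case is handled elsewhere in 1.10 or simply left open. I would add a line to the patch description such as `Rebased for 1.10; the combined UDP/TCP variant (kpasswd_tcp2) is no longer carried, so a slow UDP kpasswd server still delays the TCP retry.`, adjusting the second half to whatever is actually true for 1.10.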
@@ -16,14 +14,14 @@ diff -up krb5-1.8/src/lib/krb5/os/changepw.c.kpasswd_tcp krb5-1.8/src/lib/krb5/o + /* if we're not using a stream socket, and it's an error which + * might reasonably be specific to a datagram "connection", try + * again with a stream socket */ -+ if (!useTcp) { ++ if (!use_tcp) { + switch (code) { + case KRB5_KDC_UNREACH: + case KRB5_REALM_CANT_RESOLVE: + case KRB5KRB_ERR_RESPONSE_TOO_BIG: + /* should we do this for more result codes than these? */ -+ krb5int_free_addrlist (&al); -+ useTcp = 1; ++ k5_free_serverlist (&sl); ++ use_tcp = 1; + continue; + default: + break; diff --git a/krb5-trunk-kpasswd_tcp2.patch b/krb5-trunk-kpasswd_tcp2.patch deleted file mode 100644 index b2e78c6..0000000 --- a/krb5-trunk-kpasswd_tcp2.patch +++ /dev/null 
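Review bot: The retry path now calls `k5_free_serverlist (&sl)` and then `continue`s, so the fallback is only safe if that call leaves `sl` empty and the locate call at the top of the loop refills it; neither is visible here, because the loop head and the cleanup label of change_set_password lie outside this hunk. If the 1.10 function does not reset the list, the cleanup path would presumably free it a second time, so it is worth checking against the 1.10 source and recording the result in the patch, e.g. `/* sl is emptied here and re-resolved for TCP at the top of the loop */`. The `break` under `default:` leaves only the switch, so the loop exit appears to depend on a `break;` after the inserted block, which is also outside this hunk; a short comment on that line would make the intent clear.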
@@ -1,233 +0,0 @@ -Use a list of disconnected and connected sockets to talk to kpasswd -servers, so we automatically try TCP if we fail to change the password -UDP, or if the UDP-based server is just slow. - -This patch looks big, but most of it's actually whitespace because -most of the logic is no longer called as part of a loop with UDP and -TCP being used in different iterations. RT #5868. - -Index: src/lib/krb5/os/changepw.c -=================================================================== ---- src/lib/krb5/os/changepw.c (revision 20199) -+++ src/lib/krb5/os/changepw.c (working copy) -@@ -199,14 +199,14 @@ - krb5_address remote_kaddr; - krb5_boolean useTcp = 0; - GETSOCKNAME_ARG3_TYPE addrlen; -- krb5_error_code code = 0; -+ krb5_error_code code = 0, code2 = 0; - char *code_string; -- int local_result_code; -+ int local_result_code, i; - - struct sendto_callback_context callback_ctx; - struct sendto_callback_info callback_info; - struct sockaddr_storage remote_addr; -- struct addrlist al = ADDRLIST_INIT; -+ struct addrlist al = ADDRLIST_INIT, al2 = ADDRLIST_INIT; - - memset( &callback_ctx, 0, sizeof(struct sendto_callback_context)); - callback_ctx.context = context; -@@ -225,109 +225,104 @@ - &callback_ctx.ap_req))) - goto cleanup; - -- do { -- if ((code = krb5_locate_kpasswd(callback_ctx.context, -- krb5_princ_realm(callback_ctx.context, -- creds->server), -- &al, useTcp))) -- break; -- -+ code = krb5_locate_kpasswd(callback_ctx.context, -+ krb5_princ_realm(callback_ctx.context, -+ creds->server), -+ &al, useTcp); -+ code2 = krb5_locate_kpasswd(callback_ctx.context, -+ krb5_princ_realm(callback_ctx.context, -+ creds->server), -+ &al2, !useTcp); -+ if ((al.naddrs + al2.naddrs) == 0) { -+ if (!code) -+ code = code2 ? 
code2 : KRB5_REALM_CANT_RESOLVE; -+ goto cleanup; -+ } -+ -+ if (al2.naddrs > 0) { -+ if (krb5int_grow_addrlist(&al, al2.naddrs)) -+ goto cleanup; -+ for (i = 0; i < al2.naddrs; i++) -+ al.addrs[al.naddrs++] = al2.addrs[i]; -+ al2.naddrs = 0; -+ } -+ -- addrlen = sizeof(remote_addr); -- -- callback_info.context = (void*) &callback_ctx; -- callback_info.pfn_callback = kpasswd_sendto_msg_callback; -- callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup; -- -- if ((code = krb5int_sendto(callback_ctx.context, -- NULL, -- &al, -- &callback_info, -- &chpw_rep, -- NULL, -- NULL, -- ss2sa(&remote_addr), -- &addrlen, -- NULL, -- NULL, -- NULL -- ))) { -- -- /* -- * Here we may want to switch to TCP on some errors. -- * right? -- */ -- break; -- } -- -+ addrlen = sizeof(remote_addr); -+ -+ callback_info.context = (void*) &callback_ctx; -+ callback_info.pfn_callback = kpasswd_sendto_msg_callback; -+ callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup; -+ -+ if ((code = krb5int_sendto(callback_ctx.context, -+ NULL, -+ &al, -+ &callback_info, -+ &chpw_rep, -+ NULL, -+ NULL, -+ ss2sa(&remote_addr), -+ &addrlen, -+ NULL, -+ NULL, -+ NULL -+ ))) -+ goto cleanup; -+ -- remote_kaddr.addrtype = ADDRTYPE_INET; -- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); -- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; -- -- if ((code = krb5_auth_con_setaddrs(callback_ctx.context, -- callback_ctx.auth_context, -- NULL, -- &remote_kaddr))) -- break; -- -+ remote_kaddr.addrtype = ADDRTYPE_INET; -+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); -+ remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; -+ -+ if ((code = krb5_auth_con_setaddrs(callback_ctx.context, -+ callback_ctx.auth_context, -+ NULL, -+ &remote_kaddr))) -+ goto cleanup; -+ -- if (set_password_for) -- code = krb5int_rd_setpw_rep(callback_ctx.context, -- callback_ctx.auth_context, -- &chpw_rep, -- &local_result_code, -- result_string); -- else -- code = 
krb5int_rd_chpw_rep(callback_ctx.context, -- callback_ctx.auth_context, -- &chpw_rep, -- &local_result_code, -- result_string); -- -- if (code) { -- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) { -- krb5int_free_addrlist (&al); -- useTcp = 1; -- continue; -- } -- -- break; -- } -- -- if (result_code) -- *result_code = local_result_code; -- -+ if (set_password_for) -+ code = krb5int_rd_setpw_rep(callback_ctx.context, -+ callback_ctx.auth_context, -+ &chpw_rep, -+ &local_result_code, -+ result_string); -+ else -+ code = krb5int_rd_chpw_rep(callback_ctx.context, -+ callback_ctx.auth_context, -+ &chpw_rep, -+ &local_result_code, -+ result_string); -+ -+ if (code) -+ goto cleanup; -+ -+ if (result_code) -+ *result_code = local_result_code; -+ -- if (result_code_string) { -- if (set_password_for) -- code = krb5int_setpw_result_code_string(callback_ctx.context, -- local_result_code, -- (const char **)&code_string); -- else -- code = krb5_chpw_result_code_string(callback_ctx.context, -- local_result_code, -- &code_string); -- if(code) -- goto cleanup; -- -- result_code_string->length = strlen(code_string); -- result_code_string->data = malloc(result_code_string->length); -- if (result_code_string->data == NULL) { -- code = ENOMEM; -- goto cleanup; -- } -- strncpy(result_code_string->data, code_string, result_code_string->length); -- } -- -- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) { -- krb5int_free_addrlist (&al); -- useTcp = 1; -- } else { -- break; -- } -- } while (TRUE); -+ if (result_code_string) { -+ if (set_password_for) -+ code = krb5int_setpw_result_code_string(callback_ctx.context, -+ local_result_code, -+ (const char **) &code_string); -+ else -+ code = krb5_chpw_result_code_string(callback_ctx.context, -+ local_result_code, -+ &code_string); -+ if (code) -+ goto cleanup; -+ -+ result_code_string->length = strlen(code_string); -+ result_code_string->data = malloc(result_code_string->length); -+ if (result_code_string->data == NULL) { -+ code 
= ENOMEM; -+ goto cleanup; -+ } -+ strncpy(result_code_string->data, code_string, result_code_string->length); -+ } - - cleanup: - if (callback_ctx.auth_context != NULL) - krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context); - -+ krb5int_free_addrlist (&al2); - krb5int_free_addrlist (&al); - krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req); -