rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached

Browse Source 
(more of #761317)
This commit is contained in:
Nalin Dahyabhai 2011-12-13 10:48:28 -05:00
parent fb7c02faff
commit 6d68d342c9
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
krb5-trunk-7047.patch Normal file
View File

@ -0,0 +1,28 @@
commit 59a8a0861d5aacd4e985ad4dc4d46a11c2ebc136
Author: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>
Date: Wed Dec 7 19:38:22 2011 +0000
ticket: 7047
subject: Allow S4U2Proxy service tickets to be cached
Previous to this change, the GSS code avoids caching S4U2Proxy results
for fear of the memory cache growing without bound, but that seems
unlikely to be a serious problem. Allow these to be cached.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25530 dc483132-0cff-0310-8789-dd5450dbe970
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index d7b9ffa..07baefa 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -148,9 +148,7 @@ static krb5_error_code get_credentials(context, cred, server, now,
!krb5_principal_compare(context, cred->impersonator, server->princ)) {
krb5_creds mcreds;
- flags |= KRB5_GC_CANONICALIZE |
- KRB5_GC_NO_STORE |
- KRB5_GC_CONSTRAINED_DELEGATION;
+ flags |= KRB5_GC_CANONICALIZE | KRB5_GC_CONSTRAINED_DELEGATION;
memset(&mcreds, 0, sizeof(mcreds));

4
krb5.spec
View File

@ -60,6 +60,7 @@ Patch86: krb5-1.9-debuginfo.patch
Patch92: krb5-1.10-alpha1-uninit.patch Patch92: krb5-1.10-alpha1-uninit.patch
Patch93: http://web.mit.edu/kerberos/advisories/2011-007-patch.txt Patch93: http://web.mit.edu/kerberos/advisories/2011-007-patch.txt
Patch100: krb5-trunk-7046.patch Patch100: krb5-trunk-7046.patch
Patch101: krb5-trunk-7047.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -227,6 +228,7 @@ ln -s NOTICE LICENSE
%patch86 -p0 -b .debuginfo %patch86 -p0 -b .debuginfo
%patch93 -p1 -b .2011-007 %patch93 -p1 -b .2011-007
%patch100 -p1 -b .7046 %patch100 -p1 -b .7046
%patch101 -p1 -b .7047
# XXX Temporary, backported from trunk. # XXX Temporary, backported from trunk.
%patch92 -p1 -b .uninit %patch92 -p1 -b .uninit
# XXX Temporary, fixed properly in trunk. # XXX Temporary, fixed properly in trunk.
@ -744,6 +746,8 @@ exit 0
* Tue Dec 13 2011 Nalin Dahyabhai <nalin@redhat.com> * Tue Dec 13 2011 Nalin Dahyabhai <nalin@redhat.com>
- pull in patch for RT#7046: tag a ccache containing credentials obtained via - pull in patch for RT#7046: tag a ccache containing credentials obtained via
S4U2Proxy with the principal name of the proxying principal (part of #761317) S4U2Proxy with the principal name of the proxying principal (part of #761317)
- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
(more of #761317)
* Tue Dec 6 2011 Nalin Dahyabhai <nalin@redhat.com> 1.10-0.alpha1.2 * Tue Dec 6 2011 Nalin Dahyabhai <nalin@redhat.com> 1.10-0.alpha1.2
- apply upstream patch to fix a null pointer dereference when processing - apply upstream patch to fix a null pointer dereference when processing