diff --git a/.gitignore b/.gitignore index 377c28a..d4d1e76 100644 --- a/.gitignore +++ b/.gitignore @@ -95,3 +95,6 @@ krb5-1.8.3-pdf.tar.gz /krb5-1.11.4.tar.gz /krb5-1.11.4.tar.gz.asc /krb5-1.11.4-pdf.tar.xz +/krb5-1.12-beta1.tar.gz +/krb5-1.12-beta1.tar.gz.asc +/krb5-1.12-beta1-pdf.tar.xz diff --git a/krb5-1.12-alpha-gss-ccache-import.patch b/krb5-1.12-alpha-gss-ccache-import.patch deleted file mode 100644 index 86690e4..0000000 --- a/krb5-1.12-alpha-gss-ccache-import.patch +++ /dev/null @@ -1,129 +0,0 @@ -commit 48dd01f29b893a958a64dcf6eb0b734e8463425b -Author: Greg Hudson -Date: Mon Oct 7 09:51:56 2013 -0400 - - Fix GSSAPI krb5 cred ccache import - - json_to_ccache was incorrectly indexing the JSON array when restoring - a memory ccache. Fix it. - - Add test coverage for a multi-cred ccache by exporting/importing the - synthesized S4U2Proxy delegated cred in t_s4u2proxy_krb5.c; move - export_import_cred from t_export_cred.c to common.c to facilitate - this. Make a note in t_export_cred.py that this case is covered in - t_s4u.py. - - ticket: 7706 - target_version: 1.11.4 - -diff --git a/src/lib/gssapi/krb5/import_cred.c b/src/lib/gssapi/krb5/import_cred.c -index 973b9d0..f0a0373 100644 ---- a/src/lib/gssapi/krb5/import_cred.c -+++ b/src/lib/gssapi/krb5/import_cred.c -@@ -486,7 +486,7 @@ json_to_ccache(krb5_context context, k5_json_value v, krb5_ccache *ccache_out, - - /* Add remaining array entries to the ccache as credentials. */ - for (i = 1; i < len; i++) { -- if (json_to_creds(context, k5_json_array_get(array, 1), &creds)) -+ if (json_to_creds(context, k5_json_array_get(array, i), &creds)) - goto invalid; - ret = krb5_cc_store_cred(context, ccache, &creds); - krb5_free_cred_contents(context, &creds); -diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c -index 19a781a..231f44a 100644 ---- a/src/tests/gssapi/common.c -+++ b/src/tests/gssapi/common.c -@@ -149,6 +149,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, - } - - void -+export_import_cred(gss_cred_id_t *cred) -+{ -+ OM_uint32 major, minor; -+ gss_buffer_desc buf; -+ -+ major = gss_export_cred(&minor, *cred, &buf); -+ check_gsserr("gss_export_cred", major, minor); -+ (void)gss_release_cred(&minor, cred); -+ major = gss_import_cred(&minor, &buf, cred); -+ check_gsserr("gss_import_cred", major, minor); -+ (void)gss_release_buffer(&minor, &buf); -+} -+ -+void - display_canon_name(const char *tag, gss_name_t name, gss_OID mech) - { - gss_name_t canon; -diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h -index 54c0d36..ae11b51 100644 ---- a/src/tests/gssapi/common.h -+++ b/src/tests/gssapi/common.h -@@ -62,6 +62,10 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred, - gss_name_t *src_name, gss_OID *amech, - gss_cred_id_t *deleg_cred); - -+/* Export *cred to a token, then release *cred and replace it by re-importing -+ * the token. */ -+void export_import_cred(gss_cred_id_t *cred); -+ - /* Display name as canonicalized to mech, preceded by tag. */ - void display_canon_name(const char *tag, gss_name_t name, gss_OID mech); - -diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c -index 5214cd5..4d7c028 100644 ---- a/src/tests/gssapi/t_export_cred.c -+++ b/src/tests/gssapi/t_export_cred.c -@@ -37,22 +37,6 @@ usage(void) - exit(1); - } - --/* Export *cred to a token, then release *cred and replace it by re-importing -- * the token. */ --static void --export_import_cred(gss_cred_id_t *cred) --{ -- OM_uint32 major, minor; -- gss_buffer_desc buf; -- -- major = gss_export_cred(&minor, *cred, &buf); -- check_gsserr("gss_export_cred", major, minor); -- (void)gss_release_cred(&minor, cred); -- major = gss_import_cred(&minor, &buf, cred); -- check_gsserr("gss_import_cred", major, minor); -- (void)gss_release_buffer(&minor, &buf); --} -- - int - main(int argc, char *argv[]) - { -diff --git a/src/tests/gssapi/t_export_cred.py b/src/tests/gssapi/t_export_cred.py -index 53dd13c..6988359 100644 ---- a/src/tests/gssapi/t_export_cred.py -+++ b/src/tests/gssapi/t_export_cred.py -@@ -1,7 +1,10 @@ - #!/usr/bin/python - from k5test import * - --# Test gss_export_cred and gss_import_cred. -+# Test gss_export_cred and gss_import_cred for initiator creds, -+# acceptor creds, and traditional delegated creds. t_s4u.py tests -+# exporting and importing a synthesized S4U2Proxy delegated -+# credential. - - # Make up a filename to hold user's initial credentials. - def ccache_savefile(realm): -diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c -index 3ad1086..483d915 100644 ---- a/src/tests/gssapi/t_s4u2proxy_krb5.c -+++ b/src/tests/gssapi/t_s4u2proxy_krb5.c -@@ -117,6 +117,10 @@ main(int argc, char *argv[]) - goto cleanup; - } - -+ /* Take the opportunity to test cred export/import on the synthesized -+ * S4U2Proxy delegated cred. */ -+ export_import_cred(&deleg_cred); -+ - /* Store the delegated credentials. */ - ret = krb5_cc_resolve(context, storage_ccname, &storage_ccache); - check_k5err(context, "krb5_cc_resolve", ret); diff --git a/krb5.spec b/krb5.spec index 19282a6..1c6900b 100644 --- a/krb5.spec +++ b/krb5.spec @@ -41,15 +41,15 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.12 -Release: 0%{?dist}.alpha1.0 +Release: 0%{?dist}.beta1.0 # Maybe we should explode from the now-available-to-everybody tarball instead? -# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-alpha1-signed.tar -Source0: krb5-%{version}-alpha1.tar.gz -Source1: krb5-%{version}-alpha1.tar.gz.asc +# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-beta1-signed.tar +Source0: krb5-%{version}-beta1.tar.gz +Source1: krb5-%{version}-beta1.tar.gz.asc # Use a dummy krb5-%{version}-pdf.tar.xz the first time through, then # tar cvJf $RPM_SOURCE_DIR/krb5-%%{version}-pdf.tar.xz build-pdf/*.pdf # after the build phase finishes. -Source3: krb5-%{version}-alpha1-pdf.tar.xz +Source3: krb5-%{version}-beta1-pdf.tar.xz Source2: kprop.service Source4: kadmin.service Source5: krb5kdc.service @@ -92,7 +92,6 @@ Patch129: krb5-1.11-run_user_0.patch Patch134: krb5-1.11-kpasswdtest.patch Patch138: krb5-master-keyring-offsets.patch Patch139: krb5-master-keyring-expiration.patch -Patch140: krb5-1.12-alpha-gss-ccache-import.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -284,7 +283,7 @@ to obtain initial credentials from a KDC using a private key and a certificate. %prep -%setup -q -n %{name}-%{version}-alpha1 -a 3 -a 100 +%setup -q -n %{name}-%{version}-beta1 -a 3 -a 100 ln -s NOTICE LICENSE %patch60 -p1 -b .pam @@ -311,7 +310,6 @@ ln -s NOTICE LICENSE %patch134 -p1 -b .kpasswdtest %patch138 -p1 -b .keyring-offsets %patch139 -p1 -b .keyring-expiration -%patch140 -p1 -b .gss-ccache-import # Take the execute bit off of documentation. chmod -x doc/krb5-protocol/*.txt @@ -960,6 +958,11 @@ exit 0 %{_sbindir}/uuserver %changelog +* Tue Nov 19 2013 Nalin Dahyabhai - 1.12-beta1.0 +- rebase to master +- update to beta1 + - drop obsolete backport of fix for RT#7706 + * Mon Nov 18 2013 Nalin Dahyabhai - 1.11.4-2 - pull in fix to store KDC time offsets in keyring credential caches (RT#7768, #1030607) diff --git a/sources b/sources index d2fa168..c4a2d5e 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -81d38859182c1388c7126bdb975c678b krb5-1.11.4.tar.gz -1ac1512ea788e1747464d250d7734f1d krb5-1.11.4.tar.gz.asc -bcbc071bd1267fef501cf5c95d399305 krb5-1.11.4-pdf.tar.xz +f0f5329199f62d9fcf68e02780c8e2e3 krb5-1.12-beta1.tar.gz +1d812e9438bcc73e8d15ed8836cb1510 krb5-1.12-beta1.tar.gz.asc +8b4dc313aded04f51f16605c898005d6 krb5-1.12-beta1-pdf.tar.xz 0d676f5babfc3c5f9e685d6538850021 nss_wrapper-0.0-20130719153839Z.git6cb59864.bz2