Update to 1.12 beta

2013-11-19 18:08:43 -05:00 · 2013-11-19 18:08:43 -05:00 · 88c0c528bd
commit 88c0c528bd
parent 3c08a1616e
4 changed files with 17 additions and 140 deletions
--- a/.gitignore
+++ b/.gitignore
@ -95,3 +95,6 @@ krb5-1.8.3-pdf.tar.gz
 /krb5-1.11.4.tar.gz
 /krb5-1.11.4.tar.gz.asc
 /krb5-1.11.4-pdf.tar.xz
 /krb5-1.12-beta1.tar.gz
 /krb5-1.12-beta1.tar.gz.asc
 /krb5-1.12-beta1-pdf.tar.xz
--- a/krb5-1.12-alpha-gss-ccache-import.patch
+++ b/krb5-1.12-alpha-gss-ccache-import.patch
@ -1,129 +0,0 @@
 commit 48dd01f29b893a958a64dcf6eb0b734e8463425b
 Author: Greg Hudson <ghudson@mit.edu>
 Date:   Mon Oct 7 09:51:56 2013 -0400
    Fix GSSAPI krb5 cred ccache import
    json_to_ccache was incorrectly indexing the JSON array when restoring
    a memory ccache.  Fix it.
    Add test coverage for a multi-cred ccache by exporting/importing the
    synthesized S4U2Proxy delegated cred in t_s4u2proxy_krb5.c; move
    export_import_cred from t_export_cred.c to common.c to facilitate
    this.  Make a note in t_export_cred.py that this case is covered in
    t_s4u.py.
    ticket: 7706
    target_version: 1.11.4
 diff --git a/src/lib/gssapi/krb5/import_cred.c b/src/lib/gssapi/krb5/import_cred.c
 index 973b9d0..f0a0373 100644
 --- a/src/lib/gssapi/krb5/import_cred.c
 +++ b/src/lib/gssapi/krb5/import_cred.c
@@ -486,7 +486,7 @@ json_to_ccache(krb5_context context, k5_json_value v, krb5_ccache *ccache_out,
     /* Add remaining array entries to the ccache as credentials. */
     for (i = 1; i < len; i++) {
 -        if (json_to_creds(context, k5_json_array_get(array, 1), &creds))
 +        if (json_to_creds(context, k5_json_array_get(array, i), &creds))
             goto invalid;
         ret = krb5_cc_store_cred(context, ccache, &creds);
         krb5_free_cred_contents(context, &creds);
 diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
 index 19a781a..231f44a 100644
 --- a/src/tests/gssapi/common.c
 +++ b/src/tests/gssapi/common.c
@@ -149,6 +149,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
 }
 void
 +export_import_cred(gss_cred_id_t *cred)
 +{
 +    OM_uint32 major, minor;
 +    gss_buffer_desc buf;
 +
 +    major = gss_export_cred(&minor, *cred, &buf);
 +    check_gsserr("gss_export_cred", major, minor);
 +    (void)gss_release_cred(&minor, cred);
 +    major = gss_import_cred(&minor, &buf, cred);
 +    check_gsserr("gss_import_cred", major, minor);
 +    (void)gss_release_buffer(&minor, &buf);
 +}
 +
 +void
 display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
 {
     gss_name_t canon;
 diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h
 index 54c0d36..ae11b51 100644
 --- a/src/tests/gssapi/common.h
 +++ b/src/tests/gssapi/common.h
@@ -62,6 +62,10 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred,
                         gss_name_t *src_name, gss_OID *amech,
                         gss_cred_id_t *deleg_cred);
 +/* Export *cred to a token, then release *cred and replace it by re-importing
 + * the token. */
 +void export_import_cred(gss_cred_id_t *cred);
 +
 /* Display name as canonicalized to mech, preceded by tag. */
 void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
 diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c
 index 5214cd5..4d7c028 100644
 --- a/src/tests/gssapi/t_export_cred.c
 +++ b/src/tests/gssapi/t_export_cred.c
@@ -37,22 +37,6 @@ usage(void)
     exit(1);
 }
 -/* Export *cred to a token, then release *cred and replace it by re-importing
 - * the token. */
 -static void
 -export_import_cred(gss_cred_id_t *cred)
 -{
 -    OM_uint32 major, minor;
 -    gss_buffer_desc buf;
 -
 -    major = gss_export_cred(&minor, *cred, &buf);
 -    check_gsserr("gss_export_cred", major, minor);
 -    (void)gss_release_cred(&minor, cred);
 -    major = gss_import_cred(&minor, &buf, cred);
 -    check_gsserr("gss_import_cred", major, minor);
 -    (void)gss_release_buffer(&minor, &buf);
 -}
 -
 int
 main(int argc, char *argv[])
 {
 diff --git a/src/tests/gssapi/t_export_cred.py b/src/tests/gssapi/t_export_cred.py
 index 53dd13c..6988359 100644
 --- a/src/tests/gssapi/t_export_cred.py
 +++ b/src/tests/gssapi/t_export_cred.py
@@ -1,7 +1,10 @@
 #!/usr/bin/python
 from k5test import *
 -# Test gss_export_cred and gss_import_cred.
 +# Test gss_export_cred and gss_import_cred for initiator creds,
 +# acceptor creds, and traditional delegated creds.  t_s4u.py tests
 +# exporting and importing a synthesized S4U2Proxy delegated
 +# credential.
 # Make up a filename to hold user's initial credentials.
 def ccache_savefile(realm):
 diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c
 index 3ad1086..483d915 100644
 --- a/src/tests/gssapi/t_s4u2proxy_krb5.c
 +++ b/src/tests/gssapi/t_s4u2proxy_krb5.c
@@ -117,6 +117,10 @@ main(int argc, char *argv[])
         goto cleanup;
     }
 +    /* Take the opportunity to test cred export/import on the synthesized
 +     * S4U2Proxy delegated cred. */
 +    export_import_cred(&deleg_cred);
 +
     /* Store the delegated credentials. */
     ret = krb5_cc_resolve(context, storage_ccname, &storage_ccache);
     check_k5err(context, "krb5_cc_resolve", ret);
--- a/krb5.spec
+++ b/krb5.spec
@ -41,15 +41,15 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.12
-Release: 0%{?dist}.alpha1.0
+Release: 0%{?dist}.beta1.0
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-alpha1-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-beta1-signed.tar
-Source0: krb5-%{version}-alpha1.tar.gz
+Source0: krb5-%{version}-beta1.tar.gz
-Source1: krb5-%{version}-alpha1.tar.gz.asc
+Source1: krb5-%{version}-beta1.tar.gz.asc
 # Use a dummy krb5-%{version}-pdf.tar.xz the first time through, then
 #  tar cvJf $RPM_SOURCE_DIR/krb5-%%{version}-pdf.tar.xz build-pdf/*.pdf
 # after the build phase finishes.
-Source3: krb5-%{version}-alpha1-pdf.tar.xz
+Source3: krb5-%{version}-beta1-pdf.tar.xz
 Source2: kprop.service
 Source4: kadmin.service
 Source5: krb5kdc.service
@ -92,7 +92,6 @@ Patch129: krb5-1.11-run_user_0.patch
 Patch134: krb5-1.11-kpasswdtest.patch
 Patch138: krb5-master-keyring-offsets.patch
 Patch139: krb5-master-keyring-expiration.patch
 Patch140: krb5-1.12-alpha-gss-ccache-import.patch
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -284,7 +283,7 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.
 %prep
-%setup -q -n %{name}-%{version}-alpha1 -a 3 -a 100
+%setup -q -n %{name}-%{version}-beta1 -a 3 -a 100
 ln -s NOTICE LICENSE
 %patch60 -p1 -b .pam
@ -311,7 +310,6 @@ ln -s NOTICE LICENSE
 %patch134 -p1 -b .kpasswdtest
 %patch138 -p1 -b .keyring-offsets
 %patch139 -p1 -b .keyring-expiration
 %patch140 -p1 -b .gss-ccache-import
 # Take the execute bit off of documentation.
 chmod -x doc/krb5-protocol/*.txt
@ -960,6 +958,11 @@ exit 0
 %{_sbindir}/uuserver
 %changelog
 * Tue Nov 19 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.12-beta1.0
 - rebase to master
 - update to beta1
  - drop obsolete backport of fix for RT#7706
 * Mon Nov 18 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.4-2
 - pull in fix to store KDC time offsets in keyring credential caches (RT#7768,
  #1030607)
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-81d38859182c1388c7126bdb975c678b  krb5-1.11.4.tar.gz
+f0f5329199f62d9fcf68e02780c8e2e3  krb5-1.12-beta1.tar.gz
-1ac1512ea788e1747464d250d7734f1d  krb5-1.11.4.tar.gz.asc
+1d812e9438bcc73e8d15ed8836cb1510  krb5-1.12-beta1.tar.gz.asc
-bcbc071bd1267fef501cf5c95d399305  krb5-1.11.4-pdf.tar.xz
+8b4dc313aded04f51f16605c898005d6  krb5-1.12-beta1-pdf.tar.xz
 0d676f5babfc3c5f9e685d6538850021  nss_wrapper-0.0-20130719153839Z.git6cb59864.bz2