Drop call-access()-more patch for ksu

- drop patch to add additional access() checks to ksu - they add to breakage
  when non-FILE: caches are in use (#1026099), shouldn't be resulting in any
  benefit, and clash with proposed changes to fix its cache handling
This commit is contained in:
Nalin Dahyabhai 2013-11-04 10:26:41 -05:00
parent 433fcb1772
commit a00c810e4e
2 changed files with 6 additions and 50 deletions

View File

@ -1,47 +0,0 @@
The idea is to not complain about problems in the default ticket file if we
couldn't read it, because the client would be able to tell if it's there or
not, and we're implicitly letting the client tell us where it is. Still needs
work, I think.
--- krb5/src/clients/ksu/ccache.c
+++ krb5/src/clients/ksu/ccache.c
@@ -78,7 +78,7 @@ krb5_error_code krb5_ccache_copy (contex
cc_def_name = krb5_cc_get_name(context, cc_def);
cc_other_name = krb5_cc_get_name(context, *cc_other);
- if ( ! stat(cc_def_name, &st_temp)){
+ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
return retval;
}
--- krb5/src/clients/ksu/heuristic.c
+++ krb5/src/clients/ksu/heuristic.c
@@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont
cc_source_name = krb5_cc_get_name(context, cc);
- if ( ! stat(cc_source_name, &st_temp)){
+ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
retval = find_ticket(context, cc, client, end_server, &temp_found);
if (retval)
@@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe
cc_source_name = krb5_cc_get_name(context, cc_source);
- if (! stat(cc_source_name, &st_temp)) {
+ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
if (retval)
return retval;
--- krb5/src/clients/ksu/main.c
+++ krb5/src/clients/ksu/main.c
@@ -270,7 +270,7 @@ main (argc, argv)
if ( strchr(cc_source_tag, ':')){
cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
- if( stat( cc_source_tag_tmp, &st_temp)){
+ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
com_err(prog_name, errno,
_("while looking for credentials file %s"),
cc_source_tag_tmp);

View File

@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.3
Release: 27%{?dist}
Release: 28%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
Source0: krb5-%{version}.tar.gz
@ -74,7 +74,6 @@ BuildRequires: cmake
Source100: nss_wrapper-0.0-20130719153839Z.git6cb59864.bz2
Source101: noport.c
Patch5: krb5-1.10-ksu-access.patch
Patch6: krb5-1.10-ksu-path.patch
Patch12: krb5-1.7-ktany.patch
Patch16: krb5-1.10-buildconf.patch
@ -318,7 +317,6 @@ ln -s NOTICE LICENSE
%patch63 -p1 -b .selinux-label
%patch5 -p1 -b .ksu-access
%patch6 -p1 -b .ksu-path
%patch12 -p1 -b .ktany
%patch16 -p1 -b .buildconf %{?_rawbuild}
@ -1006,6 +1004,11 @@ exit 0
%{_sbindir}/uuserver
%changelog
* Mon Nov 4 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-28
- drop patch to add additional access() checks to ksu - they add to breakage
when non-FILE: caches are in use (#1026099), shouldn't be resulting in any
benefit, and clash with proposed changes to fix its cache handling
* Tue Oct 22 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-27
- add some minimal description to the top of the wrapper scripts we use
when starting krb5kdc and kadmind to describe why they exist (tooling)