Drop call-access()-more patch for ksu

- drop patch to add additional access() checks to ksu - they add to breakage when non-FILE: caches are in use (#1026099), shouldn't be resulting in any benefit, and clash with proposed changes to fix its cache handling
2013-11-04 10:26:41 -05:00 · 2013-11-04 10:26:41 -05:00 · a00c810e4e
commit a00c810e4e
parent 433fcb1772
2 changed files with 6 additions and 50 deletions
--- a/krb5-1.10-ksu-access.patch
+++ b/krb5-1.10-ksu-access.patch
@ -1,47 +0,0 @@
 The idea is to not complain about problems in the default ticket file if we
 couldn't read it, because the client would be able to tell if it's there or
 not, and we're implicitly letting the client tell us where it is.  Still needs
 work, I think.
 --- krb5/src/clients/ksu/ccache.c
 +++ krb5/src/clients/ksu/ccache.c
@@ -78,7 +78,7 @@ krb5_error_code krb5_ccache_copy (contex
     cc_def_name = krb5_cc_get_name(context, cc_def);
     cc_other_name = krb5_cc_get_name(context, *cc_other);
 -    if ( ! stat(cc_def_name, &st_temp)){
 +    if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
         if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
             return retval;
         }
 --- krb5/src/clients/ksu/heuristic.c
 +++ krb5/src/clients/ksu/heuristic.c
@@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont
     cc_source_name = krb5_cc_get_name(context, cc);
 -    if ( ! stat(cc_source_name, &st_temp)){
 +    if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
         retval = find_ticket(context, cc, client, end_server, &temp_found);
         if (retval)
@@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe
     cc_source_name = krb5_cc_get_name(context, cc_source);
 -    if (! stat(cc_source_name, &st_temp)) {
 +    if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
         retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
         if (retval)
             return retval;
 --- krb5/src/clients/ksu/main.c
 +++ krb5/src/clients/ksu/main.c
@@ -270,7 +270,7 @@ main (argc, argv)
                 if ( strchr(cc_source_tag, ':')){
                     cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
 -                    if( stat( cc_source_tag_tmp, &st_temp)){
 +                    if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
                         com_err(prog_name, errno,
                                 _("while looking for credentials file %s"),
                                 cc_source_tag_tmp);
--- a/krb5.spec
+++ b/krb5.spec
@ -41,7 +41,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.3
-Release: 27%{?dist}
+Release: 28%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@ -74,7 +74,6 @@ BuildRequires: cmake
 Source100: nss_wrapper-0.0-20130719153839Z.git6cb59864.bz2
 Source101: noport.c
 Patch5: krb5-1.10-ksu-access.patch
 Patch6: krb5-1.10-ksu-path.patch
 Patch12: krb5-1.7-ktany.patch
 Patch16: krb5-1.10-buildconf.patch
@ -318,7 +317,6 @@ ln -s NOTICE LICENSE
 %patch63 -p1 -b .selinux-label
 %patch5  -p1 -b .ksu-access
 %patch6  -p1 -b .ksu-path
 %patch12 -p1 -b .ktany
 %patch16 -p1 -b .buildconf %{?_rawbuild}
@ -1006,6 +1004,11 @@ exit 0
 %{_sbindir}/uuserver
 %changelog
 * Mon Nov  4 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-28
 - drop patch to add additional access() checks to ksu - they add to breakage
  when non-FILE: caches are in use (#1026099), shouldn't be resulting in any
  benefit, and clash with proposed changes to fix its cache handling
 * Tue Oct 22 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-27
 - add some minimal description to the top of the wrapper scripts we use
  when starting krb5kdc and kadmind to describe why they exist (tooling)