From dc8775d11d7134f84024545f21b4561a6bd8dccf Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 18 Nov 2020 13:33:37 -0500 Subject: [PATCH] Fix build failure in -1 --- ...e-kvno-options-from-Heimdal-kgetcred.patch | 34 +++++++++---------- ...t-KDC-alias-helper-function-contract.patch | 2 +- ...ases-when-matching-U2U-second-ticket.patch | 2 +- ...d-passing-DB-entry-structures-in-KDC.patch | 2 +- Fix-minor-static-analysis-defects.patch | 2 +- ...-KDC-alias-checking-for-S4U-requests.patch | 2 +- Minimize-usage-of-tgs_server-in-KDC.patch | 2 +- ...KDC-authdata-list-management-helpers.patch | 2 +- krb5.spec | 5 ++- 9 files changed, 28 insertions(+), 25 deletions(-) diff --git a/Add-three-kvno-options-from-Heimdal-kgetcred.patch b/Add-three-kvno-options-from-Heimdal-kgetcred.patch index 9cb1386..1f6452f 100644 --- a/Add-three-kvno-options-from-Heimdal-kgetcred.patch +++ b/Add-three-kvno-options-from-Heimdal-kgetcred.patch @@ -1,4 +1,4 @@ -From ba21ad84f7c8317a595ded1e657c7985fa4b90e1 Mon Sep 17 00:00:00 2001 +From 4da87d7fe288f3f7087dca8396d42abfd958b8e4 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 17 Jun 2020 20:48:38 -0400 Subject: [PATCH] Add three kvno options from Heimdal kgetcred @@ -17,10 +17,10 @@ ticket: 8917 (new) --- doc/user/user_commands/kvno.rst | 13 ++++ src/clients/kvno/Makefile.in | 3 + - src/clients/kvno/kvno.c | 113 +++++++++++++++++++++++--------- + src/clients/kvno/kvno.c | 112 +++++++++++++++++++++++--------- src/clients/kvno/t_kvno.py | 75 +++++++++++++++++++++ src/man/kvno.man | 13 ++++ - 5 files changed, 185 insertions(+), 32 deletions(-) + 5 files changed, 185 insertions(+), 31 deletions(-) create mode 100644 src/clients/kvno/t_kvno.py diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst @@ -62,16 +62,16 @@ index 1c3f79392..5ba877271 100644 $(RM) kvno.o kvno diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c -index 8edd97361..55e7dd0ce 100644 +index 8edd97361..c5f6bf700 100644 --- a/src/clients/kvno/kvno.c +++ b/src/clients/kvno/kvno.c -@@ -47,15 +47,16 @@ xusage() +@@ -47,15 +47,17 @@ xusage() "[-u | -S sname]" XUSAGE_BREAK "[[{-F cert_file | {-I | -U} for_user} [-P]] | " "--u2u ccache]" XUSAGE_BREAK + "[--cached-only] [--no-store] [--out-cache] " "service1 service2 ...\n"), -- prog); + prog); exit(1); } @@ -86,7 +86,7 @@ index 8edd97361..55e7dd0ce 100644 const char *u2u_ccname); #include -@@ -65,18 +66,21 @@ static void extended_com_err_fn(const char *myprog, errcode_t code, +@@ -65,18 +67,21 @@ static void extended_com_err_fn(const char *myprog, errcode_t code, int main(int argc, char *argv[]) { @@ -115,7 +115,7 @@ index 8edd97361..55e7dd0ce 100644 setlocale(LC_ALL, ""); set_com_err_hook(extended_com_err_fn); -@@ -139,6 +143,12 @@ main(int argc, char *argv[]) +@@ -139,6 +144,12 @@ main(int argc, char *argv[]) case OPTION_U2U: u2u_ccname = optarg; break; @@ -128,7 +128,7 @@ index 8edd97361..55e7dd0ce 100644 default: xusage(); break; -@@ -163,8 +173,9 @@ main(int argc, char *argv[]) +@@ -163,8 +174,9 @@ main(int argc, char *argv[]) xusage(); do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name, @@ -140,7 +140,7 @@ index 8edd97361..55e7dd0ce 100644 return 0; } -@@ -278,14 +289,16 @@ static krb5_error_code +@@ -278,14 +290,16 @@ static krb5_error_code kvno(const char *name, krb5_ccache ccache, krb5_principal me, krb5_enctype etype, krb5_keytab keytab, const char *sname, krb5_flags options, int unknown, krb5_principal for_user_princ, @@ -159,7 +159,7 @@ index 8edd97361..55e7dd0ce 100644 memset(&in_creds, 0, sizeof(in_creds)); if (sname != NULL) { -@@ -325,13 +338,12 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, +@@ -325,13 +339,12 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, in_creds.client = for_user_princ; in_creds.server = me; ret = krb5_get_credentials_for_user(context, options, ccache, @@ -175,7 +175,7 @@ index 8edd97361..55e7dd0ce 100644 } if (ret) { -@@ -340,7 +352,7 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, +@@ -340,7 +353,7 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, } /* We need a native ticket. */ @@ -184,7 +184,7 @@ index 8edd97361..55e7dd0ce 100644 if (ret) { com_err(prog, ret, _("while decoding ticket for %s"), princ); goto cleanup; -@@ -366,15 +378,15 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, +@@ -366,15 +379,15 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, } if (proxy) { @@ -205,7 +205,7 @@ index 8edd97361..55e7dd0ce 100644 krb5_free_principal(context, in_creds.client); if (ret) { com_err(prog, ret, _("%s: constrained delegation failed"), -@@ -383,10 +395,13 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, +@@ -383,10 +396,13 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, } } @@ -220,7 +220,7 @@ index 8edd97361..55e7dd0ce 100644 krb5_free_unparsed_name(context, princ); return ret; } -@@ -432,19 +447,28 @@ cleanup: +@@ -432,19 +448,28 @@ cleanup: static void do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, @@ -255,7 +255,7 @@ index 8edd97361..55e7dd0ce 100644 ret = krb5_init_context(&context); if (ret) { -@@ -471,6 +495,14 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, +@@ -471,6 +496,14 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, exit(1); } @@ -270,7 +270,7 @@ index 8edd97361..55e7dd0ce 100644 if (keytab_name != NULL) { ret = krb5_kt_resolve(context, keytab_name, &keytab); if (ret) { -@@ -517,8 +549,25 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, +@@ -517,8 +550,25 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, errors = 0; for (i = 0; i < count; i++) { if (kvno(names[i], ccache, me, etype, keytab, sname, options, unknown, diff --git a/Adjust-KDC-alias-helper-function-contract.patch b/Adjust-KDC-alias-helper-function-contract.patch index 0046bb4..13f4cb7 100644 --- a/Adjust-KDC-alias-helper-function-contract.patch +++ b/Adjust-KDC-alias-helper-function-contract.patch @@ -1,4 +1,4 @@ -From cf853d10b13dca77acd08d1387e94527994f9ef5 Mon Sep 17 00:00:00 2001 +From 833dfff1a11da3b1b9cf45a2bb09f17efa49cdba Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 22 Sep 2020 01:11:39 +0300 Subject: [PATCH] Adjust KDC alias helper function contract diff --git a/Allow-aliases-when-matching-U2U-second-ticket.patch b/Allow-aliases-when-matching-U2U-second-ticket.patch index 07519e1..523402f 100644 --- a/Allow-aliases-when-matching-U2U-second-ticket.patch +++ b/Allow-aliases-when-matching-U2U-second-ticket.patch @@ -1,4 +1,4 @@ -From 5a9b4d190906a8b11a7e1f707d1ea1930ce2fd31 Mon Sep 17 00:00:00 2001 +From e976a70ff23e600a76d1c3134f9c2f80753b6679 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 22 Sep 2020 01:17:11 +0300 Subject: [PATCH] Allow aliases when matching U2U second ticket diff --git a/Avoid-passing-DB-entry-structures-in-KDC.patch b/Avoid-passing-DB-entry-structures-in-KDC.patch index aeb20ad..23f96e3 100644 --- a/Avoid-passing-DB-entry-structures-in-KDC.patch +++ b/Avoid-passing-DB-entry-structures-in-KDC.patch @@ -1,4 +1,4 @@ -From f5987c71188138626030eef62145a126a84b62fb Mon Sep 17 00:00:00 2001 +From e0fc680b2fb51513993c4cdaa2c25b292f57a073 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 30 Sep 2020 02:12:00 -0400 Subject: [PATCH] Avoid passing DB entry structures in KDC diff --git a/Fix-minor-static-analysis-defects.patch b/Fix-minor-static-analysis-defects.patch index 644df97..b94b48c 100644 --- a/Fix-minor-static-analysis-defects.patch +++ b/Fix-minor-static-analysis-defects.patch @@ -1,4 +1,4 @@ -From ae153c1dbb91782e1c8d5e80be9e133766eb81fd Mon Sep 17 00:00:00 2001 +From 0de060366a1b75df47189f5cc0a7a92685cbe1d7 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 15 Oct 2020 18:15:29 -0400 Subject: [PATCH] Fix minor static analysis defects diff --git a/Improve-KDC-alias-checking-for-S4U-requests.patch b/Improve-KDC-alias-checking-for-S4U-requests.patch index d58ffa5..76b0bf9 100644 --- a/Improve-KDC-alias-checking-for-S4U-requests.patch +++ b/Improve-KDC-alias-checking-for-S4U-requests.patch @@ -1,4 +1,4 @@ -From ec23f914a4be4f4ce5a8960ea72f0f45f7c8cf59 Mon Sep 17 00:00:00 2001 +From dc03b33af17f2014baaa29412a1787cbcb140a62 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 4 Sep 2020 14:05:50 +0300 Subject: [PATCH] Improve KDC alias checking for S4U requests diff --git a/Minimize-usage-of-tgs_server-in-KDC.patch b/Minimize-usage-of-tgs_server-in-KDC.patch index 3e3c740..5199395 100644 --- a/Minimize-usage-of-tgs_server-in-KDC.patch +++ b/Minimize-usage-of-tgs_server-in-KDC.patch @@ -1,4 +1,4 @@ -From 62f5a8c4ef97f0f0f3ceddff8e0a768c5f3b544e Mon Sep 17 00:00:00 2001 +From ce60c549887a7732a6079d6e7111eb645f279781 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 25 Sep 2020 11:12:34 -0400 Subject: [PATCH] Minimize usage of tgs_server in KDC diff --git a/Refactor-KDC-authdata-list-management-helpers.patch b/Refactor-KDC-authdata-list-management-helpers.patch index f60e0af..495dbda 100644 --- a/Refactor-KDC-authdata-list-management-helpers.patch +++ b/Refactor-KDC-authdata-list-management-helpers.patch @@ -1,4 +1,4 @@ -From 227828eb22ff0383f76b918899a03e1c7c97a7c0 Mon Sep 17 00:00:00 2001 +From 00245d789edc6cf6263540d7c9d7ee45bbac58ce Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 5 Feb 2020 18:46:11 -0500 Subject: [PATCH] Refactor KDC authdata list management helpers diff --git a/krb5.spec b/krb5.spec index 6d2244a..8372f70 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.3 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 1%{?dist} +Release: 2%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -627,6 +627,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Wed Nov 18 2020 Robbie Harwood - 1.18.3-2 +- Fix build failure in -1 + * Wed Nov 18 2020 Robbie Harwood - 1.18.3-1 - New upstream version (1.18.3)