From e506fad693fe66555116a07d3fc54487acd78c74 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 19 Jul 2018 16:43:21 -0400 Subject: [PATCH] Make krb5kdc -p affect TCP ports --- Make-krb5kdc-p-affect-TCP-ports.patch | 67 +++++++++++++++++++++++++++ krb5.spec | 6 ++- 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 Make-krb5kdc-p-affect-TCP-ports.patch diff --git a/Make-krb5kdc-p-affect-TCP-ports.patch b/Make-krb5kdc-p-affect-TCP-ports.patch new file mode 100644 index 0000000..ac5bc30 --- /dev/null +++ b/Make-krb5kdc-p-affect-TCP-ports.patch @@ -0,0 +1,67 @@ +From 5587c1de938324faa1871e08ccfc835415acb443 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Tue, 17 Jul 2018 11:29:19 -0400 +Subject: [PATCH] Make krb5kdc -p affect TCP ports + +Now that the KDC listens for TCP connections by default (ticket 6731), +the "-p" option should affect both UDP and TCP default listening +ports. + +ticket: 8715 (new) +(cherry picked from commit eb514587acc5c357bf0f554199bf0489b5515f8b) +--- + doc/admin/admin_commands/krb5kdc.rst | 12 ++++++------ + src/kdc/main.c | 12 ++++-------- + 2 files changed, 10 insertions(+), 14 deletions(-) + +diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst +index 7ec4ee4d3..bda2c015c 100644 +--- a/doc/admin/admin_commands/krb5kdc.rst ++++ b/doc/admin/admin_commands/krb5kdc.rst +@@ -57,12 +57,12 @@ The **-P** *pid_file* option tells the KDC to write its PID into + the KDC is still running and to allow init scripts to stop the correct + process. + +-The **-p** *portnum* option specifies the default UDP port numbers +-which the KDC should listen on for Kerberos version 5 requests, as a +-comma-separated list. This value overrides the UDP port numbers +-specified in the :ref:`kdcdefaults` section of :ref:`kdc.conf(5)`, but +-may be overridden by realm-specific values. If no value is given from +-any source, the default port is 88. ++The **-p** *portnum* option specifies the default UDP and TCP port ++numbers which the KDC should listen on for Kerberos version 5 ++requests, as a comma-separated list. This value overrides the port ++numbers specified in the :ref:`kdcdefaults` section of ++:ref:`kdc.conf(5)`, but may be overridden by realm-specific values. ++If no value is given from any source, the default port is 88. + + The **-w** *numworkers* option tells the KDC to fork *numworkers* + processes to listen to the KDC ports and process requests in parallel. +diff --git a/src/kdc/main.c b/src/kdc/main.c +index ccac3a759..89dac23ae 100644 +--- a/src/kdc/main.c ++++ b/src/kdc/main.c +@@ -793,19 +793,15 @@ initialize_realms(krb5_context kcontext, int argc, char **argv, + pid_file = optarg; + break; + case 'p': +- if (def_udp_listen) +- free(def_udp_listen); ++ free(def_udp_listen); ++ free(def_tcp_listen); + def_udp_listen = strdup(optarg); +- if (!def_udp_listen) { ++ def_tcp_listen = strdup(optarg); ++ if (def_udp_listen == NULL || def_tcp_listen == NULL) { + fprintf(stderr, _(" KDC cannot initialize. Not enough " + "memory\n")); + exit(1); + } +-#if 0 /* not yet */ +- if (default_tcp_ports) +- free(default_tcp_ports); +- default_tcp_ports = strdup(optarg); +-#endif + break; + case 'T': + time_offset = atoi(optarg); diff --git a/krb5.spec b/krb5.spec index 25804a9..eb3cf66 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.16.1 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 15%{?dist} +Release: 16%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz @@ -99,6 +99,7 @@ Patch79: Convert-Python-tests-to-Python-3.patch Patch80: Zap-copy-of-secret-in-RC4-string-to-key.patch Patch81: Fix-some-broken-tests-for-Python-3.patch Patch82: Eliminate-preprocessor-disabled-dead-code.patch +Patch83: Make-krb5kdc-p-affect-TCP-ports.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -745,6 +746,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Thu Jul 19 2018 Robbie Harwood - 1.16.1-16 +- Make krb5kdc -p affect TCP ports + * Thu Jul 19 2018 Robbie Harwood - 1.16.1-15 - Eliminate preprocessor-disabled dead code