From e64e2779612cac3e0fe1d36d9394e5c943766954fcb8f98c6a50efd27f4b587e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 14 Sep 2007 14:20:57 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=25 --- krb5-1.6.2-post.dif | 500 +++++++++++++++++++++++++++++++++++++++---- krb5-doc.spec | 6 +- krb5-plugins.changes | 8 + krb5-plugins.spec | 11 +- krb5.changes | 8 + krb5.spec | 9 +- 6 files changed, 487 insertions(+), 55 deletions(-) diff --git a/krb5-1.6.2-post.dif b/krb5-1.6.2-post.dif index 3e4cd9b..bc809b7 100644 --- a/krb5-1.6.2-post.dif +++ b/krb5-1.6.2-post.dif @@ -1,7 +1,44 @@ +Index: src/include/k5-int.h +=================================================================== +--- src/include/k5-int.h (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/include/k5-int.h (.../branches/krb5-1-6) (Revision 19936) +@@ -216,6 +216,10 @@ + /* required */ + #define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */ + /* ticket don't match*/ ++#define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not ++ * available that is ++ * required to process the ++ * request */ + /* Application errors */ + #define KRB_AP_ERR_BAD_INTEGRITY 31 /* Decrypt integrity check failed */ + #define KRB_AP_ERR_TKT_EXPIRED 32 /* Ticket expired */ +@@ -498,7 +502,9 @@ + krb5_error_code krb5int_sendto (krb5_context context, const krb5_data *message, + const struct addrlist *addrs, struct sendto_callback_info* callback_info, + krb5_data *reply, struct sockaddr *localaddr, socklen_t *localaddrlen, +- struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used); ++ struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, int *addr_used, ++ int (*msg_handler)(krb5_context, const krb5_data *, void *), ++ void *msg_handler_data); + + krb5_error_code krb5_get_krbhst (krb5_context, const krb5_data *, char *** ); + krb5_error_code krb5_free_krbhst (krb5_context, char * const * ); +@@ -1885,7 +1891,9 @@ + krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, + const struct addrlist *, struct sendto_callback_info*, krb5_data *reply, + struct sockaddr *, socklen_t *,struct sockaddr *, +- socklen_t *, int *); ++ socklen_t *, int *, ++ int (*msg_handler)(krb5_context, const krb5_data *, void *), ++ void *msg_handler_data); + krb5_error_code (*add_host_to_list)(struct addrlist *lp, + const char *hostname, + int port, int secport, Index: src/clients/kvno/kvno.M =================================================================== ---- src/clients/kvno/kvno.M (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/clients/kvno/kvno.M (.../branches/krb5-1-6) (Revision 19931) +--- src/clients/kvno/kvno.M (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/clients/kvno/kvno.M (.../branches/krb5-1-6) (Revision 19936) @@ -55,6 +55,15 @@ specifies that Kerberos version 4 tickets should be acquired and described. This option is only available if Kerberos 4 support was @@ -20,8 +57,8 @@ Index: src/clients/kvno/kvno.M uses the following environment variable: Index: src/clients/kvno/kvno.c =================================================================== ---- src/clients/kvno/kvno.c (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/clients/kvno/kvno.c (.../branches/krb5-1-6) (Revision 19931) +--- src/clients/kvno/kvno.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/clients/kvno/kvno.c (.../branches/krb5-1-6) (Revision 19936) @@ -41,10 +41,10 @@ { #ifdef KRB5_KRB4_COMPAT @@ -115,8 +152,8 @@ Index: src/clients/kvno/kvno.c com_err(prog, ret, "while parsing principal name %s", names[i]); Index: src/lib/crypto/prng.c =================================================================== ---- src/lib/crypto/prng.c (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/lib/crypto/prng.c (.../branches/krb5-1-6) (Revision 19931) +--- src/lib/crypto/prng.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/crypto/prng.c (.../branches/krb5-1-6) (Revision 19936) @@ -162,7 +162,7 @@ krb5_data data; struct stat sb; @@ -156,8 +193,8 @@ Index: src/lib/crypto/prng.c data included in the reseed so we get it first.*/ Index: src/lib/gssapi/spnego/spnego_mech.c =================================================================== ---- src/lib/gssapi/spnego/spnego_mech.c (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/lib/gssapi/spnego/spnego_mech.c (.../branches/krb5-1-6) (Revision 19931) +--- src/lib/gssapi/spnego/spnego_mech.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/gssapi/spnego/spnego_mech.c (.../branches/krb5-1-6) (Revision 19936) @@ -61,7 +61,7 @@ /* private routines for spnego_mechanism */ static spnego_token_t make_spnego_token(char *); @@ -175,23 +212,310 @@ Index: src/lib/gssapi/spnego/spnego_mech.c if (ret == GSS_S_COMPLETE) { /* * Now, switch the output context to refer to the +Index: src/lib/krb4/send_to_kdc.c +=================================================================== +--- src/lib/krb4/send_to_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb4/send_to_kdc.c (.../branches/krb5-1-6) (Revision 19936) +@@ -181,7 +181,7 @@ + message.length = pkt->length; + message.data = (char *)pkt->dat; /* XXX yuck */ + retval = internals.sendto_udp(NULL, &message, &al, NULL, &reply, addr, +- addrlen, NULL, 0, NULL); ++ addrlen, NULL, 0, NULL, NULL, NULL); + DEB(("sendto_udp returns %d\n", retval)); + free_al: + internals.free_addrlist(&al); +Index: src/lib/krb5/os/sendto_kdc.c +=================================================================== +--- src/lib/krb5/os/sendto_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/os/sendto_kdc.c (.../branches/krb5-1-6) (Revision 19936) +@@ -1,7 +1,7 @@ + /* + * lib/krb5/os/sendto_kdc.c + * +- * Copyright 1990,1991,2001,2002,2004,2005 by the Massachusetts Institute of Technology. ++ * Copyright 1990,1991,2001,2002,2004,2005,2007 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may +@@ -295,6 +295,30 @@ + return 0; + } + ++static int ++check_for_svc_unavailable (krb5_context context, ++ const krb5_data *reply, ++ void *msg_handler_data) ++{ ++ krb5_error_code *retval = (krb5_error_code *)msg_handler_data; ++ ++ *retval = 0; ++ ++ if (krb5_is_krb_error(reply)) { ++ krb5_error *err_reply; ++ ++ if (decode_krb5_error(reply, &err_reply) == 0) { ++ *retval = err_reply->error; ++ krb5_free_error(context, err_reply); ++ ++ /* Returning 0 means continue to next KDC */ ++ return (*retval != KDC_ERR_SVC_UNAVAILABLE); ++ } ++ } ++ ++ return 1; ++} ++ + /* + * send the formatted request 'message' to a KDC for realm 'realm' and + * return the response (if any) in 'reply'. +@@ -381,9 +405,12 @@ + } + + if (addrs.naddrs > 0) { ++ krb5_error_code err = 0; ++ + retval = krb5int_sendto (context, message, &addrs, 0, reply, 0, 0, +- 0, 0, &addr_used); +- if (retval == 0) { ++ 0, 0, &addr_used, check_for_svc_unavailable, &err); ++ switch (retval) { ++ case 0: + /* + * Set use_master to 1 if we ended up talking to a master when + * we didn't explicitly request to +@@ -401,7 +428,19 @@ + } + krb5int_free_addrlist (&addrs); + return 0; +- } ++ default: ++ break; ++ /* Cases here are for constructing useful error messages. */ ++ case KRB5_KDC_UNREACH: ++ if (err == KDC_ERR_SVC_UNAVAILABLE) { ++ retval = KRB5KDC_ERR_SVC_UNAVAILABLE; ++ } else { ++ krb5_set_error_message(context, retval, ++ "Cannot contact any KDC for realm '%.*s'", ++ realm->length, realm->data); ++ } ++ break; ++ } + krb5int_free_addrlist (&addrs); + } + return retval; +@@ -1015,9 +1054,12 @@ + } + + static int +-service_fds (struct select_state *selstate, ++service_fds (krb5_context context, ++ struct select_state *selstate, + struct conn_state *conns, size_t n_conns, int *winning_conn, +- struct select_state *seltemp) ++ struct select_state *seltemp, ++ int (*msg_handler)(krb5_context, const krb5_data *, void *), ++ void *msg_handler_data) + { + int e, selret; + +@@ -1056,9 +1098,22 @@ + state_strings[(int) conns[i].state]); + + if (conns[i].service (&conns[i], selstate, ssflags)) { +- dprint("fd service routine says we're done\n"); +- *winning_conn = i; +- return 1; ++ int stop = 1; ++ ++ if (msg_handler != NULL) { ++ krb5_data reply; ++ ++ reply.data = conns[i].x.in.buf; ++ reply.length = conns[i].x.in.pos - conns[i].x.in.buf; ++ ++ stop = (msg_handler(context, &reply, msg_handler_data) != 0); ++ } ++ ++ if (stop) { ++ dprint("fd service routine says we're done\n"); ++ *winning_conn = i; ++ return 1; ++ } + } + } + } +@@ -1098,7 +1153,10 @@ + struct sendto_callback_info* callback_info, krb5_data *reply, + struct sockaddr *localaddr, socklen_t *localaddrlen, + struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, +- int *addr_used) ++ int *addr_used, ++ /* return 0 -> keep going, 1 -> quit */ ++ int (*msg_handler)(krb5_context, const krb5_data *, void *), ++ void *msg_handler_data) + { + int i, pass; + int delay_this_pass = 2; +@@ -1185,8 +1243,8 @@ + goto egress; + sel_state->end_time = now; + sel_state->end_time.tv_sec += 1; +- e = service_fds(sel_state, conns, host+1, &winning_conn, +- sel_state+1); ++ e = service_fds(context, sel_state, conns, host+1, &winning_conn, ++ sel_state+1, msg_handler, msg_handler_data); + if (e) + break; + if (pass > 0 && sel_state->nfds == 0) +@@ -1206,7 +1264,8 @@ + call with the last one from the above loop, if the loop + actually calls select. */ + sel_state->end_time.tv_sec += delay_this_pass; +- e = service_fds(sel_state, conns, host+1, &winning_conn, sel_state+1); ++ e = service_fds(context, sel_state, conns, host+1, &winning_conn, ++ sel_state+1, msg_handler, msg_handler_data); + if (e) + break; + if (sel_state->nfds == 0) +Index: src/lib/krb5/os/send524.c +=================================================================== +--- src/lib/krb5/os/send524.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/os/send524.c (.../branches/krb5-1-6) (Revision 19936) +@@ -98,7 +98,7 @@ + if (al.naddrs == 0) + return KRB5_REALM_UNKNOWN; + +- retval = krb5int_sendto (context, message, &al, NULL, reply, addr, addrlen, NULL, 0, NULL); ++ retval = krb5int_sendto (context, message, &al, NULL, reply, addr, addrlen, NULL, 0, NULL, NULL, NULL); + krb5int_free_addrlist (&al); + return retval; + #else +Index: src/lib/krb5/os/changepw.c +=================================================================== +--- src/lib/krb5/os/changepw.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/os/changepw.c (.../branches/krb5-1-6) (Revision 19936) +@@ -247,6 +247,8 @@ + NULL, + ss2sa(&remote_addr), + &addrlen, ++ NULL, ++ NULL, + NULL + ))) { + +Index: src/lib/krb5/error_tables/krb5_err.et +=================================================================== +--- src/lib/krb5/error_tables/krb5_err.et (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/error_tables/krb5_err.et (.../branches/krb5-1-6) (Revision 19936) +@@ -1,7 +1,7 @@ + # + # lib/krb5/error_tables/krb5_err.et + # +-# Copyright 1989,1990,1991 by the Massachusetts Institute of Technology. ++# Copyright 1989,1990,1991,2007 by the Massachusetts Institute of Technology. + # All Rights Reserved. + # + # Export of this software from the United States of America may +@@ -68,7 +68,7 @@ + error_code KRB5KDC_ERR_SERVER_NOMATCH, "Requested server and ticket don't match" + error_code KRB5PLACEHOLD_27, "KRB5 error code 27" + error_code KRB5PLACEHOLD_28, "KRB5 error code 28" +-error_code KRB5PLACEHOLD_29, "KRB5 error code 29" ++error_code KRB5KDC_ERR_SVC_UNAVAILABLE, "A service is not available that is required to process the request" + error_code KRB5PLACEHOLD_30, "KRB5 error code 30" + # vv 31 + error_code KRB5KRB_AP_ERR_BAD_INTEGRITY, "Decrypt integrity check failed" +Index: src/lib/krb5/ccache/t_cc.c +=================================================================== +--- src/lib/krb5/ccache/t_cc.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/ccache/t_cc.c (.../branches/krb5-1-6) (Revision 19936) +@@ -123,6 +123,7 @@ + krb5_cc_cursor cursor; + const char *c_name; + char newcache[300]; ++ char *save_type; + + init_test_cred(context); + +@@ -135,7 +136,9 @@ + CHECK_STR(c_name, "get_name"); + + c_name = krb5_cc_get_type(context, id); +- CHECK_STR(c_name, "get_prefix"); ++ CHECK_STR(c_name, "get_type"); ++ save_type=strdup(c_name); ++ CHECK_STR(save_type, "copying type"); + + kret = krb5_cc_store_cred(context, id, &test_creds); + CHECK(kret, "store"); +@@ -192,17 +195,22 @@ + kret = krb5_cc_destroy(context, id); + CHECK(kret, "destroy"); + +-#if 0 + /* ----------------------------------------------------- */ + /* Tests the generate new code */ +- kret = krb5_cc_resolve(context, name, &id); +- CHECK(kret, "resolve"); +- kret = krb5_cc_gen_new(context, &id); +- CHECK(kret, "gen_new"); +- kret = krb5_cc_destroy(context, id); +- CHECK(kret, "destroy"); +-#endif ++ kret = krb5_cc_new_unique(context, save_type, ++ NULL, &id2); ++ CHECK(kret, "new_unique"); ++ ++ kret = krb5_cc_initialize(context, id2, test_creds.client); ++ CHECK(kret, "initialize"); + ++ kret = krb5_cc_store_cred(context, id2, &test_creds); ++ CHECK(kret, "store"); ++ ++ kret = krb5_cc_destroy(context, id2); ++ CHECK(kret, "destroy id2"); ++ ++ free(save_type); + free_test_cred(context); + + } Index: src/lib/krb5/ccache/cc_file.c =================================================================== ---- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19931) -@@ -1954,6 +1954,9 @@ +--- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19936) +@@ -1950,115 +1950,165 @@ + { + krb5_ccache lid; + int ret; +- krb5_error_code retcode = 0; ++ krb5_error_code kret = 0; char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for NUL */ krb5_fcc_data *data; + krb5_int16 fcc_fvno = htons(context->fcc_default_format); + krb5_int16 fcc_flen = 0; + int errsave, cnt; ++ struct fcc_set *setptr; - /* Allocate memory */ - lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); -@@ -1968,13 +1971,20 @@ +- /* Allocate memory */ +- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); +- if (lid == NULL) +- return KRB5_CC_NOMEM; ++ /* Set master lock */ ++ kret = k5_mutex_lock(&krb5int_cc_file_mutex); ++ if (kret) ++ return kret; + +- lid->ops = &krb5_fcc_ops; +- + (void) strcpy(scratch, TKT_ROOT); + (void) strcat(scratch, "XXXXXX"); + #ifdef HAVE_MKSTEMP ret = mkstemp(scratch); if (ret == -1) { ++ k5_mutex_unlock(&krb5int_cc_file_mutex); return krb5_fcc_interpret(context, errno); - } else close(ret); + } @@ -204,36 +528,73 @@ Index: src/lib/krb5/ccache/cc_file.c + } #endif - lid->data = (krb5_pointer) malloc(sizeof(krb5_fcc_data)); - if (lid->data == NULL) { +- lid->data = (krb5_pointer) malloc(sizeof(krb5_fcc_data)); +- if (lid->data == NULL) { +- krb5_xfree(lid); ++ /* Allocate memory */ ++ data = (krb5_pointer) malloc(sizeof(krb5_fcc_data)); ++ if (data == NULL) { + close(ret); + unlink(scratch); - krb5_xfree(lid); ++ k5_mutex_unlock(&krb5int_cc_file_mutex); return KRB5_CC_NOMEM; } -@@ -1982,6 +1992,8 @@ - ((krb5_fcc_data *) lid->data)->filename = (char *) - malloc(strlen(scratch) + 1); - if (((krb5_fcc_data *) lid->data)->filename == NULL) { + +- ((krb5_fcc_data *) lid->data)->filename = (char *) +- malloc(strlen(scratch) + 1); +- if (((krb5_fcc_data *) lid->data)->filename == NULL) { +- krb5_xfree(((krb5_fcc_data *) lid->data)); +- krb5_xfree(lid); ++ data->filename = strdup(scratch); ++ if (data->filename == NULL) { ++ k5_mutex_unlock(&krb5int_cc_file_mutex); ++ free(data); + close(ret); + unlink(scratch); - krb5_xfree(((krb5_fcc_data *) lid->data)); - krb5_xfree(lid); ++ k5_mutex_unlock(&krb5int_cc_file_mutex); return KRB5_CC_NOMEM; -@@ -1996,63 +2008,54 @@ - data = (krb5_fcc_data *) lid->data; + } - retcode = k5_mutex_init(&data->lock); -- if (retcode) -+ if (retcode) { -+ close(ret); -+ unlink(scratch); - goto err_out; ++ kret = k5_mutex_init(&data->lock); ++ if (kret) { ++ k5_mutex_unlock(&krb5int_cc_file_mutex); ++ free(data->filename); ++ free(data); ++ close(ret); ++ unlink(scratch); ++ return kret; + } ++ kret = k5_mutex_lock(&data->lock); ++ if (kret) { ++ k5_mutex_unlock(&krb5int_cc_file_mutex); ++ k5_mutex_destroy(&data->lock); ++ free(data->filename); ++ free(data); ++ close(ret); ++ unlink(scratch); ++ return kret; ++ } ++ + /* + * The file is initially closed at the end of this call... + */ +- ((krb5_fcc_data *) lid->data)->flags = 0; +- ((krb5_fcc_data *) lid->data)->file = -1; +- ((krb5_fcc_data *) lid->data)->valid_bytes = 0; +- data = (krb5_fcc_data *) lid->data; ++ data->flags = 0; ++ data->file = -1; ++ data->valid_bytes = 0; ++ /* data->version,mode filled in for real later */ ++ data->version = data->mode = 0; - /* Set up the filename */ - strcpy(((krb5_fcc_data *) lid->data)->filename, scratch); +- retcode = k5_mutex_init(&data->lock); +- if (retcode) +- goto err_out; +- /* Set up the filename */ +- strcpy(((krb5_fcc_data *) lid->data)->filename, scratch); +- - /* Make sure the file name is reserved */ - ret = THREEPARAMOPEN(((krb5_fcc_data *) lid->data)->filename, - O_CREAT | O_EXCL | O_WRONLY | O_BINARY, 0); @@ -250,7 +611,7 @@ Index: src/lib/krb5/ccache/cc_file.c #ifndef HAVE_FCHMOD #ifdef HAVE_CHMOD - chmod(((krb5_fcc_data *) lid->data)->filename, S_IRUSR | S_IWUSR); -+ chmod(((krb5_fcc_data *) lid->data)->filename, S_IRUSR | S_IWUSR); ++ chmod(data->filename, S_IRUSR | S_IWUSR); #endif #else - fchmod(ret, S_IRUSR | S_IWUSR); @@ -267,8 +628,8 @@ Index: src/lib/krb5/ccache/cc_file.c + != sizeof(fcc_fvno)) { + errsave = errno; + (void) close(ret); -+ (void) unlink(((krb5_fcc_data *) lid->data)->filename); -+ retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; ++ (void) unlink(data->filename); ++ kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; + goto err_out; + } + /* For version 4 we save a length for the rest of the header */ @@ -277,8 +638,8 @@ Index: src/lib/krb5/ccache/cc_file.c + != sizeof(fcc_flen)) { + errsave = errno; + (void) close(ret); -+ (void) unlink(((krb5_fcc_data *) lid->data)->filename); -+ retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; ++ (void) unlink(data->filename); ++ kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; + goto err_out; } - /* For version 4 we save a length for the rest of the header */ @@ -307,23 +668,67 @@ Index: src/lib/krb5/ccache/cc_file.c } + if (close(ret) == -1) { + errsave = errno; -+ (void) unlink(((krb5_fcc_data *) lid->data)->filename); -+ retcode = krb5_fcc_interpret(context, errsave); ++ (void) unlink(data->filename); ++ kret = krb5_fcc_interpret(context, errsave); + goto err_out; + } -+ *id = lid; + ++ ++ setptr = malloc(sizeof(struct fcc_set)); ++ if (setptr == NULL) { ++ k5_mutex_unlock(&krb5int_cc_file_mutex); ++ k5_mutex_destroy(&data->lock); ++ free(data->filename); ++ free(data); ++ (void) close(ret); ++ (void) unlink(scratch); ++ return KRB5_CC_NOMEM; ++ } ++ setptr->refcount = 1; ++ setptr->data = data; ++ setptr->next = fccs; ++ fccs = setptr; ++ k5_mutex_unlock(&krb5int_cc_file_mutex); ++ ++ k5_mutex_assert_locked(&data->lock); ++ k5_mutex_unlock(&data->lock); ++ lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); ++ if (lid == NULL) { ++ dereference(context, data); ++ return KRB5_CC_NOMEM; ++ } ++ ++ lid->ops = &krb5_fcc_ops; ++ lid->data = data; ++ lid->magic = KV5M_CCACHE; ++ + /* default to open/close on every trn - otherwise destroy + will get as to state confused */ + ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE; ++ ++ *id = lid; ++ ++ + krb5_change_cache (); + return KRB5_OK; - ++ err_out: - krb5_xfree(((krb5_fcc_data *) lid->data)->filename); +- krb5_xfree(((krb5_fcc_data *) lid->data)->filename); +- krb5_xfree(((krb5_fcc_data *) lid->data)); +- krb5_xfree(lid); +- return retcode; ++ k5_mutex_unlock(&krb5int_cc_file_mutex); ++ k5_mutex_destroy(&data->lock); ++ free(data->filename); ++ free(data); ++ return kret; + } + + /* Index: src/lib/krb5/ccache/ccfns.c =================================================================== ---- src/lib/krb5/ccache/ccfns.c (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/lib/krb5/ccache/ccfns.c (.../branches/krb5-1-6) (Revision 19931) +--- src/lib/krb5/ccache/ccfns.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/ccache/ccfns.c (.../branches/krb5-1-6) (Revision 19936) @@ -1,7 +1,7 @@ /* * lib/krb5/ccache/ccfns.c @@ -391,8 +796,8 @@ Index: src/lib/krb5/ccache/ccfns.c krb5_error_code KRB5_CALLCONV Index: src/lib/krb5/krb/gc_frm_kdc.c =================================================================== ---- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19931) -+++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19931) +--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19936) ++++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19936) @@ -906,7 +906,6 @@ /* Whether or not that succeeded, we're done. */ goto cleanup; @@ -450,3 +855,4 @@ Index: src/lib/krb5/krb/gc_frm_kdc.c } } + diff --git a/krb5-doc.spec b/krb5-doc.spec index f0f7dff..69c6691 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -13,18 +13,18 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.6.2 -Release: 28 +Release: 29 %define srcRoot krb5-1.6.2 Summary: MIT Kerberos5 Implementation--Documentation License: X11/MIT -URL: http://web.mit.edu/kerberos/www/ +Url: http://web.mit.edu/kerberos/www/ Group: Documentation/Other Source: krb5-1.6.2.tar.bz2 Source1: README.Source Source2: Makefile.kadm5 Patch0: krb5-1.3.5-perlfix.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildArchitectures: noarch +BuildArch: noarch %description Kerberos V5 is a trusted-third-party network authentication diff --git a/krb5-plugins.changes b/krb5-plugins.changes index 49c999f..2056cfc 100644 --- a/krb5-plugins.changes +++ b/krb5-plugins.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Sep 14 12:10:01 CEST 2007 - mc@suse.de + +- update krb5-1.6.2-post.dif + * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that + that the client library will not failover to the next KDC. + [#310540] + ------------------------------------------------------------------- Tue Sep 11 15:11:34 CEST 2007 - mc@suse.de diff --git a/krb5-plugins.spec b/krb5-plugins.spec index 8a32f69..c41aaa5 100644 --- a/krb5-plugins.spec +++ b/krb5-plugins.spec @@ -13,7 +13,7 @@ Name: krb5-plugins Version: 1.6.2 -Release: 3 +Release: 4 BuildRequires: bison krb5-devel ncurses-devel openldap2-devel %define srcRoot krb5-1.6.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ @@ -21,7 +21,7 @@ BuildRequires: bison krb5-devel ncurses-devel openldap2-devel Requires: krb5-server Summary: MIT Kerberos5 Implementation--Libraries License: X11/MIT -URL: http://web.mit.edu/kerberos/www/ +Url: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security Source: krb5-1.6.2.tar.bz2 Source1: vendor-files.tar.bz2 @@ -66,7 +66,7 @@ Authors: Requires: krb5-server = %{version} Summary: MIT Kerberos5 Implementation--LDAP Database Plugin License: X11/MIT -URL: http://web.mit.edu/kerberos/www/ +Url: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security %description -n krb5-plugin-kdb-ldap @@ -209,6 +209,11 @@ rm -rf %{buildroot} %{_mandir}/man8/* %changelog +* Fri Sep 14 2007 - mc@suse.de +- update krb5-1.6.2-post.dif + * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that + that the client library will not failover to the next KDC. + [#310540] * Tue Sep 11 2007 - mc@suse.de - update krb5-1.6.2-post.dif * new -S sname option for kvno diff --git a/krb5.changes b/krb5.changes index af52eac..b1ca637 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de + +- update krb5-1.6.2-post.dif + * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that + that the client library will not failover to the next KDC. + [#310540] + ------------------------------------------------------------------- Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index b7a89e8..1de1da9 100644 --- a/krb5.spec +++ b/krb5.spec @@ -12,7 +12,7 @@ Name: krb5 Version: 1.6.2 -Release: 18 +Release: 19 BuildRequires: bison libcom_err-devel ncurses-devel %if %{suse_version} > 1010 BuildRequires: keyutils keyutils-devel @@ -24,7 +24,7 @@ Provides: heimdal-lib Obsoletes: heimdal-lib Summary: MIT Kerberos5 Implementation--Libraries License: X11/MIT -URL: http://web.mit.edu/kerberos/www/ +Url: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security Source: krb5-1.6.2.tar.bz2 Source1: vendor-files.tar.bz2 @@ -513,6 +513,11 @@ rm -rf %{buildroot} %{_mandir}/man1/krb5-config.1* %changelog +* Fri Sep 14 2007 - mc@suse.de +- update krb5-1.6.2-post.dif + * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that + that the client library will not failover to the next KDC. + [#310540] * Tue Sep 11 2007 - mc@suse.de - update krb5-1.6.2-post.dif * new -S sname option for kvno