
Accepting request 478948 from network

1

OBS-URL: https://build.opensuse.org/request/show/478948
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=126
Yuchen Lin 2017-03-29 11:20:32 +00:00 committed by Git OBS Bridge
commit d7f7cda6ff
10 changed files with 79 additions and 240 deletions


@ -1,206 +0,0 @@
From 28ca91cd71ea64c62419e996c38031bdae01f908 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 18 Jan 2017 11:40:49 -0500
Subject: [PATCH 1/2] Explicitly copy KDB vtable fields
In preparation for bumping the kdb_vftabl minor version, use explicit
field assignments when copying the module vtable to the internal copy,
so that we can conditionalize assignments for minor versions greater
than 0.
ticket: 8538
---
src/lib/kdb/kdb5.c | 81 +++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 59 insertions(+), 22 deletions(-)
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index a3139a7dce..ee41272312 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -283,24 +283,63 @@ clean_n_exit:
}
static void
-kdb_setup_opt_functions(db_library lib)
-{
- if (lib->vftabl.fetch_master_key == NULL)
- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
- if (lib->vftabl.fetch_master_key_list == NULL)
- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
- if (lib->vftabl.store_master_key_list == NULL)
- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
- if (lib->vftabl.dbe_search_enctype == NULL)
- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
- if (lib->vftabl.change_pwd == NULL)
- lib->vftabl.change_pwd = krb5_dbe_def_cpw;
- if (lib->vftabl.decrypt_key_data == NULL)
- lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data;
- if (lib->vftabl.encrypt_key_data == NULL)
- lib->vftabl.encrypt_key_data = krb5_dbe_def_encrypt_key_data;
- if (lib->vftabl.rename_principal == NULL)
- lib->vftabl.rename_principal = krb5_db_def_rename_principal;
+copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
+{
+ /* Copy fields for minor version 0. */
+ out->maj_ver = in->maj_ver;
+ out->min_ver = in->min_ver;
+ out->init_library = in->init_library;
+ out->fini_library = in->fini_library;
+ out->init_module = in->init_module;
+ out->fini_module = in->fini_module;
+ out->create = in->create;
+ out->destroy = in->destroy;
+ out->get_age = in->get_age;
+ out->lock = in->lock;
+ out->unlock = in->unlock;
+ out->get_principal = in->get_principal;
+ out->put_principal = in->put_principal;
+ out->delete_principal = in->delete_principal;
+ out->rename_principal = in->rename_principal;
+ out->iterate = in->iterate;
+ out->create_policy = in->create_policy;
+ out->get_policy = in->get_policy;
+ out->put_policy = in->put_policy;
+ out->iter_policy = in->iter_policy;
+ out->delete_policy = in->delete_policy;
+ out->fetch_master_key = in->fetch_master_key;
+ out->fetch_master_key_list = in->fetch_master_key_list;
+ out->store_master_key_list = in->store_master_key_list;
+ out->dbe_search_enctype = in->dbe_search_enctype;
+ out->change_pwd = in->change_pwd;
+ out->promote_db = in->promote_db;
+ out->decrypt_key_data = in->decrypt_key_data;
+ out->encrypt_key_data = in->encrypt_key_data;
+ out->sign_authdata = in->sign_authdata;
+ out->check_transited_realms = in->check_transited_realms;
+ out->check_policy_as = in->check_policy_as;
+ out->check_policy_tgs = in->check_policy_tgs;
+ out->audit_as_req = in->audit_as_req;
+ out->refresh_config = in->refresh_config;
+ out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+
+ /* Set defaults for optional fields. */
+ if (out->fetch_master_key == NULL)
+ out->fetch_master_key = krb5_db_def_fetch_mkey;
+ if (out->fetch_master_key_list == NULL)
+ out->fetch_master_key_list = krb5_def_fetch_mkey_list;
+ if (out->store_master_key_list == NULL)
+ out->store_master_key_list = krb5_def_store_mkey_list;
+ if (out->dbe_search_enctype == NULL)
+ out->dbe_search_enctype = krb5_dbe_def_search_enctype;
+ if (out->change_pwd == NULL)
+ out->change_pwd = krb5_dbe_def_cpw;
+ if (out->decrypt_key_data == NULL)
+ out->decrypt_key_data = krb5_dbe_def_decrypt_key_data;
+ if (out->encrypt_key_data == NULL)
+ out->encrypt_key_data = krb5_dbe_def_encrypt_key_data;
+ if (out->rename_principal == NULL)
+ out->rename_principal = krb5_db_def_rename_principal;
}
#ifdef STATIC_PLUGINS
@@ -334,8 +373,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
return ENOMEM;
strlcpy(lib->name, lib_name, sizeof(lib->name));
- memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl));
- kdb_setup_opt_functions(lib);
+ copy_vtable(vftabl_addr, &lib->vftabl);
status = lib->vftabl.init_library();
if (status)
@@ -433,8 +471,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
goto clean_n_exit;
}
- memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
- kdb_setup_opt_functions(*lib);
+ copy_vtable(vftabl_addrs[0], &(*lib)->vftabl);
if ((status = (*lib)->vftabl.init_library()))
goto clean_n_exit;
--
2.11.0
From 82a163b99f1f6228f98b433892444372b18ecdb3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 18 Jan 2017 11:52:48 +0100
Subject: [PATCH 2/2] Add free_principal_e_data KDB method
Add an optional method to kdb_vftabl to free e_data pointer in a
principal entry, in case it was populated by a module using a more
complex structure than a single memory region.
[ghudson@mit.edu: handled minor version bump; simplified code; rewrote
commit message]
ticket: 8538
target_version: 1.15-next
tags: pullup
---
src/include/kdb.h | 11 +++++++++++
src/lib/kdb/kdb5.c | 14 +++++++++++++-
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/include/kdb.h b/src/include/kdb.h
index e9d1a84ba1..da04724fce 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -1382,6 +1382,17 @@ typedef struct _kdb_vftabl {
krb5_const_principal client,
const krb5_db_entry *server,
krb5_const_principal proxy);
+
+ /* End of minor version 0. */
+
+ /*
+ * Optional: Free the e_data pointer of a database entry. If this method
+ * is not implemented, the e_data pointer in principal entries will be
+ * freed with free() as seen by libkdb5.
+ */
+ void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
+
+ /* End of minor version 1 for major version 6. */
} kdb_vftabl;
#endif /* !defined(_WIN32) */
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index ee41272312..4adf0fcbb2 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -323,6 +323,12 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
out->refresh_config = in->refresh_config;
out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+ /* Copy fields for minor version 1 (major version 6). */
+ assert(KRB5_KDB_DAL_MAJOR_VERSION == 6);
+ out->free_principal_e_data = NULL;
+ if (in->min_ver >= 1)
+ out->free_principal_e_data = in->free_principal_e_data;
+
/* Set defaults for optional fields. */
if (out->fetch_master_key == NULL)
out->fetch_master_key = krb5_db_def_fetch_mkey;
@@ -820,11 +826,17 @@ free_tl_data(krb5_tl_data *list)
void
krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry)
{
+ kdb_vftabl *v;
int i;
if (entry == NULL)
return;
- free(entry->e_data);
+ if (entry->e_data != NULL) {
+ if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL)
+ v->free_principal_e_data(kcontext, entry->e_data);
+ else
+ free(entry->e_data);
+ }
krb5_free_principal(kcontext, entry->princ);
free_tl_data(entry->tl_data);
for (i = 0; i < entry->n_key_data; i++)
--
2.11.0

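--- a/krb5-1.15.1.tar.gz
+++ b/krb5-1.15.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:437c8831ddd5fde2a993fef425dedb48468109bb3d3261ef838295045a89eb45
+size 9375538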

krb5-1.15.1.tar.gz.asc Normal file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1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=Tvr2
-----END PGP SIGNATURE-----


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fd34752774c808ab4f6f864f935c49945f5a56b62240b1ad4ab1af7b4ded127c
size 9327157


@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAABAgAGBQJYQKmiAAoJEKMvF/0AVcMFfisL/j4xfA/HF0ElUB9X6nSboR8P
60BSDZZe38gCQyONHn1CiZA5nY7xUy45oXmtffED32NZRIq/8R0CHkSoTd+wCtev
EEGAACK0cbFMA8YDvlF5R1Hdt2Vgghr+BYGg8TbuhiZadp4I8VZ13WePR5gToaV0
+35lOwgqRYV+Jxijp8N92KuZyZnH88tGbAh9gvPLxps2L7xA+MWwU2R71rraTIVj
b+saDBldKubh5Hamf+3Qle+lsvJuC7ErUifnjth+tpOonIlgeiLHs6+VwyHlOiv4
i+Uf0diN/gzWZd62Y+Fl42JDevTXyschWp+HxKLkbQXley04gS0nujRLpvaDkNlR
L+4Yy873q0yS6o4x7Pmcm3nb/nJQxQyvBJMy8MjLE3pEdynFZK9o0KGBkLtNIYVt
VwlqHrTGEsOtXYQKdhq9bGvpJa4jwrR2MIDaKvR5i1zc2xtZcWkvhlKJ67FGuRRD
eSbZR00NXP2wETo7Bu8BsJR5t9/1j+4US9vA15CUQg==
=iCzw
-----END PGP SIGNATURE-----


@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu Mar 9 20:58:42 UTC 2017 - michael@stroeder.com
- use HTTPS project and source URLs
-------------------------------------------------------------------
Thu Mar 9 16:31:41 UTC 2017 - meissner@suse.com
- use source urls.
- krb5.keyring: Added Greg Hudson
-------------------------------------------------------------------
Sat Mar 4 21:29:34 UTC 2017 - michael@stroeder.com
- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch
- Upgrade to 1.15.1
* Allow KDB modules to determine how the e_data field of principal
fields is freed
* Fix udp_preference_limit when the KDC location is configured with
SRV records
* Fix KDC and kadmind startup on some IPv4-only systems
* Fix the processing of PKINIT certificate matching rules which have
two components and no explicit relation
* Improve documentation
-------------------------------------------------------------------
Thu Jan 19 16:01:27 UTC 2017 - asn@cryptomilk.org


@ -16,12 +16,12 @@
#
%define srcRoot krb5-1.15
%define srcRoot krb5-1.15.1
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
Name: krb5-mini
Url: http://web.mit.edu/kerberos/www/
Url: https://web.mit.edu/kerberos/www/
BuildRequires: autoconf
BuildRequires: bison
BuildRequires: keyutils
@ -29,7 +29,7 @@ BuildRequires: keyutils-devel
BuildRequires: libcom_err-devel
BuildRequires: libselinux-devel
BuildRequires: ncurses-devel
Version: 1.15
Version: 1.15.1
Release: 0
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
License: MIT
@ -47,9 +47,8 @@ Conflicts: krb5-server
Conflicts: krb5-plugin-kdb-ldap
Conflicts: krb5-plugin-preauth-pkinit
Conflicts: krb5-plugin-preauth-otp
# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc
Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc
Source2: krb5.keyring
Source3: vendor-files.tar.bz2
Source4: baselibs.conf
@ -63,8 +62,6 @@ Patch8: krb5-1.12-api.patch
Patch11: krb5-1.12-ksu-path.patch
Patch12: krb5-1.12-selinux-label.patch
Patch13: krb5-1.9-debuginfo.patch
# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538
Patch14: krb5-1.15-fix_kdb_free_principal_e_data.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %fillup_prereq
@ -108,7 +105,6 @@ Include Files for Development
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%build
# needs to be re-generated
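Review bot: Nothing in this section records how `Source0` and `Source1` are validated now that the old provenance comment is gone, and the trust anchor `Source2: krb5.keyring` is itself modified in this commit (the changelog entry reads "krb5.keyring: Added Greg Hudson"; the page shows one file only as binary, presumably that keyring). I would add a comment above `Source0`, for example `# Source1 is the detached signature for Source0; krb5.keyring holds the keys it is expected to verify against, confirm any added key against upstream's published fingerprint`. Whether the signature is actually checked during the build is not visible in the `%prep` lines shown here, so that is worth confirming. Separately, the new URLs hard-code the `1.15` directory while the file name uses `%{version}`, so the path will go stale at the next minor release. Both points apply equally to the second spec section later on the page, which carries the same hunks.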


@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu Mar 9 20:58:42 UTC 2017 - michael@stroeder.com
- use HTTPS project and source URLs
-------------------------------------------------------------------
Thu Mar 9 16:31:41 UTC 2017 - meissner@suse.com
- use source urls.
- krb5.keyring: Added Greg Hudson
-------------------------------------------------------------------
Sat Mar 4 21:29:34 UTC 2017 - michael@stroeder.com
- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch
- Upgrade to 1.15.1
* Allow KDB modules to determine how the e_data field of principal
fields is freed
* Fix udp_preference_limit when the KDC location is configured with
SRV records
* Fix KDC and kadmind startup on some IPv4-only systems
* Fix the processing of PKINIT certificate matching rules which have
two components and no explicit relation
* Improve documentation
-------------------------------------------------------------------
Fri Jan 27 14:50:39 UTC 2017 - bwiedemann@suse.com

Binary file not shown.


@ -17,7 +17,7 @@
Name: krb5
Url: http://web.mit.edu/kerberos/www/
Url: https://web.mit.edu/kerberos/www/
BuildRequires: autoconf
BuildRequires: bison
BuildRequires: keyutils
@ -25,7 +25,7 @@ BuildRequires: keyutils-devel
BuildRequires: libcom_err-devel
BuildRequires: libselinux-devel
BuildRequires: ncurses-devel
Version: 1.15
Version: 1.15.1
Release: 0
Summary: MIT Kerberos5 Implementation--Libraries
License: MIT
@ -46,9 +46,8 @@ BuildRequires: pkgconfig(systemd)
Obsoletes: krb5-64bit
%endif
Conflicts: krb5-mini
# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc
Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc
Source2: krb5.keyring
Source3: vendor-files.tar.bz2
Source4: baselibs.conf
@ -63,8 +62,6 @@ Patch8: krb5-1.12-api.patch
Patch11: krb5-1.12-ksu-path.patch
Patch12: krb5-1.12-selinux-label.patch
Patch13: krb5-1.9-debuginfo.patch
# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538
Patch14: krb5-1.15-fix_kdb_free_principal_e_data.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %fillup_prereq
@ -179,7 +176,6 @@ Include Files for Development
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%build
# needs to be re-generated