linamh/net-fs/nfs-utils/files/nfs-utils-1.2.9-heimdal-1.patch

Submitted By: Mario Fetka (mario dot fetka at gmail dot com)
Date: 2013-11-21
Initial Package Version: 1.2.4
Origin: http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/nfs-utils/nfs-utils-heimdal.patch?view=log
Upstream Status: unknown
Description: Add proper Heimdal support
 
diff -Naur nfs-utils-1.2.9.orig/aclocal/kerberos5.m4 nfs-utils-1.2.9/aclocal/kerberos5.m4
--- nfs-utils-1.2.9.orig/aclocal/kerberos5.m4	2013-11-21 09:15:13.833824277 +0000
+++ nfs-utils-1.2.9/aclocal/kerberos5.m4	2013-11-21 09:46:48.325139877 +0000
@@ -31,16 +31,16 @@
     fi
     if test "$K5CONFIG" != ""; then
       KRBCFLAGS=`$K5CONFIG --cflags`
-      KRBLIBS=`$K5CONFIG --libs`
+      KRBLIBS=`$K5CONFIG --libs gssapi`
       GSSKRB_CFLAGS=`$K5CONFIG --cflags gssapi`
       GSSKRB_LIBS=`$K5CONFIG --libs gssapi`
-      K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
       AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
       if test -f $dir/include/gssapi/gssapi_krb5.h -a \
                 \( -f $dir/lib/libgssapi_krb5.a -o \
                    -f $dir/lib64/libgssapi_krb5.a -o \
                    -f $dir/lib64/libgssapi_krb5.so -o \
                    -f $dir/lib/libgssapi_krb5.so \) ; then
+         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
          AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
          KRBDIR="$dir"
   dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
@@ -58,7 +58,11 @@
       dnl of Heimdal Kerberos on SuSe
       elif test \( -f $dir/include/heim_err.h -o\
       		 -f $dir/include/heimdal/heim_err.h \) -a \
-                -f $dir/lib/libroken.a; then
+                \( -f $dir/lib/libroken.a -o \
+                   -f $dir/lib64/libroken.a -o \
+                   -f $dir/lib64/libroken.so -o \
+                   -f $dir/lib/libroken.so \) ; then
+         K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
          AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
          KRBDIR="$dir"
          gssapi_lib=gssapi
diff -Naur nfs-utils-1.2.9.orig/aclocal/rpcsec_vers.m4 nfs-utils-1.2.9/aclocal/rpcsec_vers.m4
--- nfs-utils-1.2.9.orig/aclocal/rpcsec_vers.m4	2013-11-21 09:15:13.833824277 +0000
+++ nfs-utils-1.2.9/aclocal/rpcsec_vers.m4	2013-11-21 09:22:55.731049767 +0000
@@ -4,8 +4,11 @@
   AC_ARG_WITH([gssglue],
 	[AC_HELP_STRING([--with-gssglue], [Use libgssglue for GSS support])])
   if test x"$with_gssglue" = x"yes"; then
-    PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
-    AC_CHECK_LIB([gssglue], [gss_set_allowable_enctypes])
+    dnl libgssglue is needed only for MIT Kerberos
+    if test "$gssapi_lib" = gssapi_krb5; then
+      PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])
+      AC_CHECK_LIB([gssglue], [gss_set_allowable_enctypes])
+    fi
   fi
 
   dnl TI-RPC replaces librpcsecgss
diff -Naur nfs-utils-1.2.9.orig/utils/gssd/context_lucid.c nfs-utils-1.2.9/utils/gssd/context_lucid.c
--- nfs-utils-1.2.9.orig/utils/gssd/context_lucid.c	2013-11-21 09:15:13.830824315 +0000
+++ nfs-utils-1.2.9/utils/gssd/context_lucid.c	2013-11-21 09:51:19.942744189 +0000
@@ -266,8 +266,13 @@
 	int retcode = 0;
 
 	printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
+#ifdef HAVE_HEIMDAL
+	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
+						1, &return_ctx);
+#else
 	maj_stat = gss_export_lucid_sec_context(&min_stat, ctx,
 						1, &return_ctx);
+#endif
 	if (maj_stat != GSS_S_COMPLETE) {
 		pgsserr("gss_export_lucid_sec_context",
 			maj_stat, min_stat, &krb5oid);
@@ -302,7 +307,11 @@
 	else
 		retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);
 
+#ifdef HAVE_HEIMDAL
+        maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);
+#else
 	maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+#endif
 	if (maj_stat != GSS_S_COMPLETE) {
 		pgsserr("gss_free_lucid_sec_context",
 			maj_stat, min_stat, &krb5oid);
diff -Naur nfs-utils-1.2.9.orig/utils/gssd/krb5_util.c nfs-utils-1.2.9/utils/gssd/krb5_util.c
--- nfs-utils-1.2.9.orig/utils/gssd/krb5_util.c	2013-11-21 09:15:13.829824327 +0000
+++ nfs-utils-1.2.9/utils/gssd/krb5_util.c	2013-11-21 09:58:13.211577618 +0000
@@ -115,7 +115,7 @@
 #include <errno.h>
 #include <time.h>
 #include <gssapi/gssapi.h>
-#ifdef USE_PRIVATE_KRB5_FUNCTIONS
+#ifdef HAVE_HEIMDAL
 #include <gssapi/gssapi_krb5.h>
 #endif
 #include <krb5.h>
@@ -970,9 +970,37 @@
 {
 	krb5_error_code ret;
 	krb5_creds creds;
-	krb5_cc_cursor cur;
 	int found = 0;
 
+#ifdef HAVE_HEIMDAL
+        krb5_creds pattern;
+        krb5_const_realm client_realm;
+
+        krb5_cc_clear_mcred(&pattern);
+
+        client_realm = krb5_principal_get_realm (context, principal);
+
+        ret = krb5_make_principal (context, &pattern.server,
+                                   client_realm, KRB5_TGS_NAME, client_realm,
+                                   NULL);
+        if (ret)
+          krb5_err (context, 1, ret, "krb5_make_principal");
+        pattern.client = principal;
+
+        ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
+        krb5_free_principal (context, pattern.server);
+        if (ret) {
+          if (ret == KRB5_CC_END)
+             return 1;
+          krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
+        }
+
+        found = creds.times.endtime > time(NULL);
+
+        krb5_free_cred_contents (context, &creds);
+#else
+        krb5_cc_cursor cur;
+
 	ret = krb5_cc_start_seq_get(context, ccache, &cur);
 	if (ret) 
 		return 0;
@@ -992,7 +1020,7 @@
 		krb5_free_cred_contents(context, &creds);
 	}
 	krb5_cc_end_seq_get(context, ccache, &cur);
-
+#endif
 	return found;
 }
 
@@ -1038,6 +1066,9 @@
 	}
 	krb5_free_principal(context, principal);
 err_princ:
+#ifdef HAVE_HEIMDAL
+#define KRB5_TC_OPENCLOSE              0x00000001
+#endif
 	krb5_cc_set_flags(context, ccache,  KRB5_TC_OPENCLOSE);
 	krb5_cc_close(context, ccache);
 err_cache:
@@ -1452,12 +1483,21 @@
 	 * If we failed for any reason to produce global
 	 * list of supported enctypes, use local default here.
 	 */
+#ifdef HAVE_HEIMDAL
+        if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
+                maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
+                                        num_enctypes, enctypes);
+        else
+                maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
+                                        num_krb5_enctypes, krb5_enctypes);
+#else
 	if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
 		maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
 					&krb5oid, num_enctypes, enctypes);
 	else
 		maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
 					&krb5oid, num_krb5_enctypes, krb5_enctypes);
+#endif
 
 	if (maj_stat != GSS_S_COMPLETE) {
 		pgsserr("gss_set_allowable_enctypes",
diff -Naur nfs-utils-1.2.9.orig/utils/gssd/svcgssd_krb5.c nfs-utils-1.2.9/utils/gssd/svcgssd_krb5.c
--- nfs-utils-1.2.9.orig/utils/gssd/svcgssd_krb5.c	2013-11-21 09:15:13.830824315 +0000
+++ nfs-utils-1.2.9/utils/gssd/svcgssd_krb5.c	2013-11-21 09:59:25.854669454 +0000
@@ -217,8 +217,13 @@
 			"enctypes from defaults\n", __func__, num_enctypes);
 	}
 
+#ifdef HAVE_HEIMDAL
+        maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,
+                        num_enctypes, enctypes);
+#else
 	maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
 			&krb5oid, num_enctypes, enctypes);
+#endif
 	if (maj_stat != GSS_S_COMPLETE) {
 		printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");
 		pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",
Bump heimdal patch Package-Manager: portage-2.2.0_alpha188 RepoMan-Options: --force 2013-11-21 11:12:25 +01:00			`Submitted By: Mario Fetka (mario dot fetka at gmail dot com)`
			`Date: 2013-11-21`
			`Initial Package Version: 1.2.4`
			`Origin: http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/nfs-utils/nfs-utils-heimdal.patch?view=log`
			`Upstream Status: unknown`
			`Description: Add proper Heimdal support`

			`diff -Naur nfs-utils-1.2.9.orig/aclocal/kerberos5.m4 nfs-utils-1.2.9/aclocal/kerberos5.m4`
			`--- nfs-utils-1.2.9.orig/aclocal/kerberos5.m4 2013-11-21 09:15:13.833824277 +0000`
			`+++ nfs-utils-1.2.9/aclocal/kerberos5.m4 2013-11-21 09:46:48.325139877 +0000`
			`@@ -31,16 +31,16 @@`
			`fi`
			`if test "$K5CONFIG" != ""; then`
			KRBCFLAGS=`$K5CONFIG --cflags`
			- KRBLIBS=`$K5CONFIG --libs`
			+ KRBLIBS=`$K5CONFIG --libs gssapi`
			GSSKRB_CFLAGS=`$K5CONFIG --cflags gssapi`
			GSSKRB_LIBS=`$K5CONFIG --libs gssapi`
			- K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
			`AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])`
			`if test -f $dir/include/gssapi/gssapi_krb5.h -a \`
			`\( -f $dir/lib/libgssapi_krb5.a -o \`
			`-f $dir/lib64/libgssapi_krb5.a -o \`
			`-f $dir/lib64/libgssapi_krb5.so -o \`
			`-f $dir/lib/libgssapi_krb5.so \) ; then`
			+ K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
			`AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])`
			`KRBDIR="$dir"`
			`dnl If we are using MIT K5 1.3.1 and before, we MUST use the`
			`@@ -58,7 +58,11 @@`
			`dnl of Heimdal Kerberos on SuSe`
			`elif test \( -f $dir/include/heim_err.h -o\`
			`-f $dir/include/heimdal/heim_err.h \) -a \`
			`- -f $dir/lib/libroken.a; then`
			`+ \( -f $dir/lib/libroken.a -o \`
			`+ -f $dir/lib64/libroken.a -o \`
			`+ -f $dir/lib64/libroken.so -o \`
			`+ -f $dir/lib/libroken.so \) ; then`
			+ K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(2),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
			`AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])`
			`KRBDIR="$dir"`
			`gssapi_lib=gssapi`
			`diff -Naur nfs-utils-1.2.9.orig/aclocal/rpcsec_vers.m4 nfs-utils-1.2.9/aclocal/rpcsec_vers.m4`
			`--- nfs-utils-1.2.9.orig/aclocal/rpcsec_vers.m4 2013-11-21 09:15:13.833824277 +0000`
			`+++ nfs-utils-1.2.9/aclocal/rpcsec_vers.m4 2013-11-21 09:22:55.731049767 +0000`
			`@@ -4,8 +4,11 @@`
			`AC_ARG_WITH([gssglue],`
			`[AC_HELP_STRING([--with-gssglue], [Use libgssglue for GSS support])])`
			`if test x"$with_gssglue" = x"yes"; then`
			`- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])`
			`- AC_CHECK_LIB([gssglue], [gss_set_allowable_enctypes])`
			`+ dnl libgssglue is needed only for MIT Kerberos`
			`+ if test "$gssapi_lib" = gssapi_krb5; then`
			`+ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3])`
			`+ AC_CHECK_LIB([gssglue], [gss_set_allowable_enctypes])`
			`+ fi`
			`fi`

			`dnl TI-RPC replaces librpcsecgss`
			`diff -Naur nfs-utils-1.2.9.orig/utils/gssd/context_lucid.c nfs-utils-1.2.9/utils/gssd/context_lucid.c`
			`--- nfs-utils-1.2.9.orig/utils/gssd/context_lucid.c 2013-11-21 09:15:13.830824315 +0000`
			`+++ nfs-utils-1.2.9/utils/gssd/context_lucid.c 2013-11-21 09:51:19.942744189 +0000`
			`@@ -266,8 +266,13 @@`
			`int retcode = 0;`

			`printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);`
			`+#ifdef HAVE_HEIMDAL`
			`+ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,`
			`+ 1, &return_ctx);`
			`+#else`
			`maj_stat = gss_export_lucid_sec_context(&min_stat, ctx,`
			`1, &return_ctx);`
			`+#endif`
			`if (maj_stat != GSS_S_COMPLETE) {`
			`pgsserr("gss_export_lucid_sec_context",`
			`maj_stat, min_stat, &krb5oid);`
			`@@ -302,7 +307,11 @@`
			`else`
			`retcode = prepare_krb5_rfc4121_buffer(lctx, buf, endtime);`

			`+#ifdef HAVE_HEIMDAL`
			`+ maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, return_ctx);`
			`+#else`
			`maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);`
			`+#endif`
			`if (maj_stat != GSS_S_COMPLETE) {`
			`pgsserr("gss_free_lucid_sec_context",`
			`maj_stat, min_stat, &krb5oid);`
			`diff -Naur nfs-utils-1.2.9.orig/utils/gssd/krb5_util.c nfs-utils-1.2.9/utils/gssd/krb5_util.c`
			`--- nfs-utils-1.2.9.orig/utils/gssd/krb5_util.c 2013-11-21 09:15:13.829824327 +0000`
			`+++ nfs-utils-1.2.9/utils/gssd/krb5_util.c 2013-11-21 09:58:13.211577618 +0000`
			`@@ -115,7 +115,7 @@`
			`#include <errno.h>`
			`#include <time.h>`
			`#include <gssapi/gssapi.h>`
			`-#ifdef USE_PRIVATE_KRB5_FUNCTIONS`
			`+#ifdef HAVE_HEIMDAL`
			`#include <gssapi/gssapi_krb5.h>`
			`#endif`
			`#include <krb5.h>`
			`@@ -970,9 +970,37 @@`
			`{`
			`krb5_error_code ret;`
			`krb5_creds creds;`
			`- krb5_cc_cursor cur;`
			`int found = 0;`

			`+#ifdef HAVE_HEIMDAL`
			`+ krb5_creds pattern;`
			`+ krb5_const_realm client_realm;`
			`+`
			`+ krb5_cc_clear_mcred(&pattern);`
			`+`
			`+ client_realm = krb5_principal_get_realm (context, principal);`
			`+`
			`+ ret = krb5_make_principal (context, &pattern.server,`
			`+ client_realm, KRB5_TGS_NAME, client_realm,`
			`+ NULL);`
			`+ if (ret)`
			`+ krb5_err (context, 1, ret, "krb5_make_principal");`
			`+ pattern.client = principal;`
			`+`
			`+ ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);`
			`+ krb5_free_principal (context, pattern.server);`
			`+ if (ret) {`
			`+ if (ret == KRB5_CC_END)`
			`+ return 1;`
			`+ krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");`
			`+ }`
			`+`
			`+ found = creds.times.endtime > time(NULL);`
			`+`
			`+ krb5_free_cred_contents (context, &creds);`
			`+#else`
			`+ krb5_cc_cursor cur;`
			`+`
			`ret = krb5_cc_start_seq_get(context, ccache, &cur);`
			`if (ret)`
			`return 0;`
			`@@ -992,7 +1020,7 @@`
			`krb5_free_cred_contents(context, &creds);`
			`}`
			`krb5_cc_end_seq_get(context, ccache, &cur);`
			`-`
			`+#endif`
			`return found;`
			`}`

			`@@ -1038,6 +1066,9 @@`
			`}`
			`krb5_free_principal(context, principal);`
			`err_princ:`
			`+#ifdef HAVE_HEIMDAL`
			`+#define KRB5_TC_OPENCLOSE 0x00000001`
			`+#endif`
			`krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);`
			`krb5_cc_close(context, ccache);`
			`err_cache:`
			`@@ -1452,12 +1483,21 @@`
			`* If we failed for any reason to produce global`
			`* list of supported enctypes, use local default here.`
			`*/`
			`+#ifdef HAVE_HEIMDAL`
			`+ if (krb5_enctypes == NULL \|\| limit_to_legacy_enctypes)`
			`+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,`
			`+ num_enctypes, enctypes);`
			`+ else`
			`+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,`
			`+ num_krb5_enctypes, krb5_enctypes);`
			`+#else`
			`if (krb5_enctypes == NULL \|\| limit_to_legacy_enctypes)`
			`maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,`
			`&krb5oid, num_enctypes, enctypes);`
			`else`
			`maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,`
			`&krb5oid, num_krb5_enctypes, krb5_enctypes);`
			`+#endif`

			`if (maj_stat != GSS_S_COMPLETE) {`
			`pgsserr("gss_set_allowable_enctypes",`
			`diff -Naur nfs-utils-1.2.9.orig/utils/gssd/svcgssd_krb5.c nfs-utils-1.2.9/utils/gssd/svcgssd_krb5.c`
			`--- nfs-utils-1.2.9.orig/utils/gssd/svcgssd_krb5.c 2013-11-21 09:15:13.830824315 +0000`
			`+++ nfs-utils-1.2.9/utils/gssd/svcgssd_krb5.c 2013-11-21 09:59:25.854669454 +0000`
			`@@ -217,8 +217,13 @@`
			`"enctypes from defaults\n", __func__, num_enctypes);`
			`}`

			`+#ifdef HAVE_HEIMDAL`
			`+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gssd_creds,`
			`+ num_enctypes, enctypes);`
			`+#else`
			`maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,`
			`&krb5oid, num_enctypes, enctypes);`
			`+#endif`
			`if (maj_stat != GSS_S_COMPLETE) {`
			`printerr(1, "WARNING: gss_set_allowable_enctypes failed\n");`
			`pgsserr("svcgssd_limit_krb5_enctypes: gss_set_allowable_enctypes",`