rpms/krb5/devel krb5-trunk-spnego_delegation.patch, NONE, 1.1 krb5.spec, 1.138, 1.139

Nalin Somabhai Dahyabhai (nalin) fedora-extras-commits at redhat.com
Thu Oct 4 22:09:13 UTC 2007


Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30465

Modified Files:
	krb5.spec 
Added Files:
	krb5-trunk-spnego_delegation.patch 
Log Message:
- proposed fix for not being able to find delegated krb5 creds when using spnego


krb5-trunk-spnego_delegation.patch:

--- NEW FILE krb5-trunk-spnego_delegation.patch ---
An spnego credential is itself a union credential, so search through it
when we're looking for credentials of a mechanism which may already have
been wrapped by spnego.

Index: src/lib/gssapi/mechglue/g_glue.c
===================================================================
--- src/lib/gssapi/mechglue/g_glue.c	(revision 20093)
+++ src/lib/gssapi/mechglue/g_glue.c	(working copy)
@@ -33,6 +33,8 @@
 #define	MSO_BIT (8*(sizeof (int) - 1))  /* Most significant octet bit */
 
 extern gss_mechanism *gssint_mechs_array;
+#define SPNEGO_OID_LENGTH 6
+#define SPNEGO_OID "\053\006\001\005\005\002"
 
 /*
  * This file contains the support routines for the glue layer.
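Review bot: `SPNEGO_OID_LENGTH` and the `SPNEGO_OID` literal added here are maintained by hand as two separate constants, and nothing says what the octal bytes encode. The bytes are the encoded form of the SPNEGO mechanism OID 1.3.6.1.5.5.2, so a comment such as `/* encoded SPNEGO mechanism OID, 1.3.6.1.5.5.2 */` above the pair would spare the next reader the decoding. Deriving the length from the literal, `#define SPNEGO_OID_LENGTH (sizeof(SPNEGO_OID) - 1)` placed after the `SPNEGO_OID` definition, keeps the two from drifting apart; the `memcmp` added in the later hunk relies on them agreeing. If the tree already exports the SPNEGO OID elsewhere (not visible in this patch), reusing that definition would be preferable to a second copy.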
@@ -548,6 +550,8 @@
     gss_OID		mech_type;
 {
     int		i;
+    gss_union_cred_t	spnego_cred;
+    gss_cred_id_t	mech_cred;
     
     if (union_cred == GSS_C_NO_CREDENTIAL)
 	return GSS_C_NO_CREDENTIAL;
@@ -555,6 +559,17 @@
     for (i=0; i < union_cred->count; i++) {
 	if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
 	    return union_cred->cred_array[i];
+
+	/* if this is an spnego credential, search its contents */
+	if ((union_cred->mechs_array[i].length == SPNEGO_OID_LENGTH) &&
+	    (memcmp(union_cred->mechs_array[i].elements,
+		    SPNEGO_OID,
+		    SPNEGO_OID_LENGTH) == 0)) {
+	    spnego_cred = union_cred->cred_array[i];
+	    mech_cred = gssint_get_mechanism_cred(spnego_cred, mech_type);
+	    if (mech_cred != GSS_C_NO_CREDENTIAL)
+		return mech_cred;
+	}
     }
     return GSS_C_NO_CREDENTIAL;
 }
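Review bot: The new branch treats `union_cred->cred_array[i]` as a `gss_union_cred_t` solely because the slot's OID matches SPNEGO, and the recursive call then reads `count`, `mechs_array` and `cred_array` through that pointer. Nothing visible here guarantees that every SPNEGO provider registered with the mechglue stores a union credential in that slot; if one stores its own structure, this becomes a type confusion that interprets unrelated memory as a credential table. I would state the assumption at the assignment, e.g. `/* relies on the SPNEGO mechanism wrapping a gss_union_cred_t; any other SPNEGO provider would be misread here */`, and make the conversion explicit with `spnego_cred = (gss_union_cred_t) union_cred->cred_array[i];`. The recursion also has no depth bound, which is presumably safe only as long as an SPNEGO credential never contains another SPNEGO entry. The function's signature and opening lie outside this hunk.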


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.138
retrieving revision 1.139
diff -u -r1.138 -r1.139
--- krb5.spec	1 Oct 2007 19:40:47 -0000	1.138
+++ krb5.spec	4 Oct 2007 22:08:39 -0000	1.139
@@ -93,6 +93,7 @@
 Patch63: krb5-1.6.1-selinux-label.patch
 Patch64: krb5-ok-as-delegate.patch
 Patch67: krb5-trunk-server_delegation.patch
+Patch68: krb5-trunk-spnego_delegation.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
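Review bot: `Patch68` is declared in this hunk, but the matching line added in the later hunk is `#%patch68 -p0 -b .spnego_delegation`, i.e. commented out like the neighbouring `#%patch64` and `#%patch67` lines. As far as the visible lines show, the package therefore ships the patch file in the source RPM without applying it, so builds from this revision would still lack the delegated-credential lookup. If that is intentional because the fix is only proposed, a short spec comment next to the declaration, for example `# Patch68 is a proposed fix and is not applied yet`, would keep anyone auditing the package from assuming the change is in the binaries.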
@@ -1240,6 +1241,7 @@
 #%patch59 -p0 -b .kpasswd_tcp
 #%patch64 -p0 -b .ok-as-delegate
 #%patch67 -p0 -b .server-delegation
+#%patch68 -p0 -b .spnego_delegation
 cp src/krb524/README README.krb524
 gzip doc/*.ps
 



