packages: heimdal/heimdal.spec, heimdal/heimdal-kcm.patch - rel 9 - pull "m...
baggins
baggins at pld-linux.org
Tue Oct 19 23:20:21 CEST 2010
Author: baggins Date: Tue Oct 19 21:20:21 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 9
- pull "make kcm work on *nix" fixes from upstream
---- Files affected:
packages/heimdal:
heimdal.spec (1.220 -> 1.221) , heimdal-kcm.patch (1.3 -> 1.4)
---- Diffs:
================================================================
Index: packages/heimdal/heimdal.spec
diff -u packages/heimdal/heimdal.spec:1.220 packages/heimdal/heimdal.spec:1.221
--- packages/heimdal/heimdal.spec:1.220 Mon Oct 18 18:22:09 2010
+++ packages/heimdal/heimdal.spec Tue Oct 19 23:20:16 2010
@@ -9,7 +9,7 @@
Summary(pl.UTF-8): Implementacja Heimdal systemu Kerberos V5
Name: heimdal
Version: 1.4
-Release: 8
+Release: 9
License: Free
Group: Networking
Source0: http://www.h5l.org/dist/src/%{name}-%{version}.tar.gz
@@ -38,6 +38,7 @@
Patch10: %{name}-sbindir.patch
Patch11: %{name}-ntlm-digest.patch
Patch12: %{name}-krb5config-nosysdirs.patch
+Patch13: %{name}-kcm.patch
URL: http://www.h5l.org/
BuildRequires: autoconf >= 2.62
BuildRequires: automake >= 1:1.10.3
@@ -367,6 +368,7 @@
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
%build
%{__rm} acinclude.m4 cf/{libtool,lt*}.m4
@@ -814,6 +816,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.221 2010/10/19 21:20:16 baggins
+- rel 9
+- pull "make kcm work on *nix" fixes from upstream
+
Revision 1.220 2010/10/18 16:22:09 baggins
- rel 8
- fix missing symbol in libkrb5
================================================================
Index: packages/heimdal/heimdal-kcm.patch
diff -u /dev/null packages/heimdal/heimdal-kcm.patch:1.4
--- /dev/null Tue Oct 19 23:20:21 2010
+++ packages/heimdal/heimdal-kcm.patch Tue Oct 19 23:20:16 2010
@@ -0,0 +1,285 @@
+diff --git a/kcm/cache.c b/kcm/cache.c
+index 8a27ba0..d0a5b6f 100644
+--- a/kcm/cache.c
++++ b/kcm/cache.c
+@@ -428,6 +428,8 @@ kcm_release_ccache(krb5_context context, kcm_ccache c)
+
+ HEIMDAL_MUTEX_lock(&c->mutex);
+ if (c->refcnt == 1) {
++ kcm_free_ccache_data_internal(context, c);
++ free(c);
+ } else {
+ c->refcnt--;
+ HEIMDAL_MUTEX_unlock(&c->mutex);
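Review bot: In the `c->refcnt == 1` branch the added `free(c);` runs while `c->mutex` is still held from the `HEIMDAL_MUTEX_lock(&c->mutex)` just above, and nothing visible unlocks or destroys it first. Freeing a structure that embeds a locked mutex is undefined for pthread mutexes, and a thread blocked on that lock would resume on freed memory. Unless `kcm_free_ccache_data_internal` already releases the mutex (its body is not shown), add `HEIMDAL_MUTEX_unlock(&c->mutex);` and `HEIMDAL_MUTEX_destroy(&c->mutex);` before `free(c);`. kcm_release_ccache starts and ends outside this hunk.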
+diff --git a/kcm/protocol.c b/kcm/protocol.c
+index de65599..a019edd 100644
+--- a/kcm/protocol.c
++++ b/kcm/protocol.c
+@@ -948,6 +948,13 @@ kcm_op_move_cache(krb5_context context,
+ return ret;
+ }
+
++ /* move to ourself is simple, done! */
++ if (strcmp(oldname, newname) == 0) {
++ free(oldname);
++ free(newname);
++ return 0;
++ }
++
+ ret = kcm_ccache_resolve_client(context, client, opcode, oldname, &oldid);
+ if (ret) {
+ free(oldname);
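Review bot: The new `strcmp(oldname, newname) == 0` shortcut returns 0 before `kcm_ccache_resolve_client` is called, so a move-to-self request succeeds without the cache ever being looked up for this client. If that resolve call is where existence and access are checked (the name suggests so, but its body is not visible), the client receives a success reply for a cache it may not own or that may not exist. Placing the shortcut after a successful resolve of `oldname`, and releasing `oldid` there, keeps the no-op while preserving the check. kcm_op_move_cache continues beyond this hunk.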
+diff --git a/lib/ipc/hi_locl.h b/lib/ipc/hi_locl.h
+index b9a094f..1cbab32 100644
+--- a/lib/ipc/hi_locl.h
++++ b/lib/ipc/hi_locl.h
+@@ -49,6 +49,10 @@
+ #include <krb5-types.h>
+ #include <asn1-common.h>
+
++#ifdef HAVE_SYS_UN_H
++#include <sys/un.h>
++#endif
++
+ #include <base64.h>
+
+ #include <heim-ipc.h>
+diff --git a/lib/ipc/server.c b/lib/ipc/server.c
+index e2f771c..81127b7 100644
+--- a/lib/ipc/server.c
++++ b/lib/ipc/server.c
+@@ -456,6 +456,7 @@ struct client {
+ #define INHERIT_MASK 0xffff0000
+ #define INCLUDE_ERROR_CODE (1 << 16)
+ #define ALLOW_HTTP (1<<17)
++#define UNIX_SOCKET (1<<18)
+ unsigned calls;
+ size_t ptr, len;
+ uint8_t *inmsg;
+@@ -465,6 +466,11 @@ struct client {
+ dispatch_source_t in;
+ dispatch_source_t out;
+ #endif
++ struct {
++ uid_t uid;
++ gid_t gid;
++ pid_t pid;
++ } unixrights;
+ };
+
+ #ifndef HAVE_GCD
+@@ -476,6 +482,132 @@ static void handle_read(struct client *);
+ static void handle_write(struct client *);
+ static int maybe_close(struct client *);
+
++/*
++ * Update peer credentials from socket.
++ *
++ * SCM_CREDS can only be updated the first time there is read data to
++ * read from the filedescriptor, so if we read do it before this
++ * point, the cred data might not be is not there yet.
++ */
++
++static int
++update_client_creds(struct client *c)
++{
++#ifdef HAVE_GETPEERUCRED
++ /* Solaris 10 */
++ {
++ ucred_t *peercred;
++
++ if (getpeerucred(c->fd, &peercred) != 0) {
++ c->unixrights.uid = ucred_geteuid(peercred);
++ c->unixrights.gid = ucred_getegid(peercred);
++ c->unixrights.pid = 0;
++ ucred_free(peercred);
++ return 1;
++ }
++ }
++#endif
++#ifdef HAVE_GETPEEREID
++ /* FreeBSD, OpenBSD */
++ {
++ uid_t uid;
++ gid_t gid;
++
++ if (getpeereid(c->fd, &uid, &gid) == 0) {
++ c->unixrights.uid = uid;
++ c->unixrights.gid = gid;
++ c->unixrights.pid = 0;
++ return 1;
++ }
++ }
++#endif
++#ifdef SO_PEERCRED
++ /* Linux */
++ {
++ struct ucred pc;
++ socklen_t pclen = sizeof(pc);
++
++ if (getsockopt(c->fd, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) {
++ c->unixrights.uid = pc.uid;
++ c->unixrights.gid = pc.gid;
++ c->unixrights.pid = pc.pid;
++ return 1;
++ }
++ }
++#endif
++#if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION)
++ {
++ struct xucred peercred;
++ socklen_t peercredlen = sizeof(peercred);
++
++ if (getsockopt(c->fd, LOCAL_PEERCRED, 1,
++ (void *)&peercred, &peercredlen) == 0
++ && peercred.cr_version == XUCRED_VERSION)
++ {
++ c->unixrights.uid = peercred.cr_uid;
++ c->unixrights.gid = peercred.cr_gid;
++ c->unixrights.pid = 0;
++ return 1;
++ }
++ }
++#endif
++#if defined(SOCKCREDSIZE) && defined(SCM_CREDS)
++ /* NetBSD */
++ if (c->unixrights.uid == -1) {
++ struct msghdr msg;
++ socklen_t crmsgsize;
++ void *crmsg;
++ struct cmsghdr *cmp;
++ struct sockcred *sc;
++
++ memset(&msg, 0, sizeof(msg));
++ crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
++ if (crmsgsize == 0)
++ return 1 ;
++
++ crmsg = malloc(crmsgsize);
++ if (crmsg == NULL)
++ goto failed_scm_creds;
++
++ memset(crmsg, 0, crmsgsize);
++
++ msg.msg_control = crmsg;
++ msg.msg_controllen = crmsgsize;
++
++ if (recvmsg(c->fd, &msg, 0) < 0) {
++ free(crmsg);
++ goto failed_scm_creds;
++ }
++
++ if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
++ free(crmsg);
++ goto failed_scm_creds;
++ }
++
++ cmp = CMSG_FIRSTHDR(&msg);
++ if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
++ free(crmsg);
++ goto failed_scm_creds;
++ }
++
++ sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
++
++ c->unixrights.uid = sc->sc_euid;
++ c->unixrights.gid = sc->sc_egid;
++ c->unixrights.pid = 0;
++
++ free(crmsg);
++ return 1;
++ } else {
++ /* we already got the cred, just return it */
++ return 1;
++ }
++ failed_scm_creds:
++#endif
++ return 0;
++}
++
++
+ static struct client *
+ add_new_socket(int fd,
+ int flags,
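Review bot: The Solaris branch of update_client_creds tests `getpeerucred(c->fd, &peercred) != 0`, but getpeerucred returns 0 on success, so the uid/gid fields are filled only when the call failed, reading an uninitialised `peercred`. The pointer also has to start as NULL for the library to allocate it; suggested lines are `ucred_t *peercred = NULL;` and `if (getpeerucred(c->fd, &peercred) == 0) {`. In the NetBSD branch `CMSG_FIRSTHDR(&msg)` can return NULL and is dereferenced unchecked, and the `crmsgsize == 0` path returns 1 without setting any credentials; both should go to `failed_scm_creds`. Because these values feed the caller's authorization decision, each branch should report success only when uid and gid were actually read from the kernel.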
+@@ -569,6 +701,7 @@ maybe_close(struct client *c)
+ struct socket_call {
+ heim_idata in;
+ struct client *c;
++ heim_icred cred;
+ };
+
+ static void
+@@ -616,7 +749,8 @@ socket_complete(heim_sipc_call ctx, int returnvalue, heim_idata *reply)
+ }
+
+ c->calls--;
+-
++ if (sc->cred)
++ heim_ipc_free_cred(sc->cred);
+ free(sc->in.data);
+ sc->c = NULL; /* so we can catch double complete */
+ free(sc);
+@@ -782,7 +916,7 @@ handle_read(struct client *c)
+ c->flags &= ~WAITING_READ;
+ return;
+ }
+- if (dlen < c->ptr - sizeof(dlen)) {
++ if (dlen > c->ptr - sizeof(dlen)) {
+ break;
+ }
+
+@@ -799,8 +933,15 @@ handle_read(struct client *c)
+ }
+
+ c->calls++;
++
++ if ((c->flags & UNIX_SOCKET) != 0) {
++ if (update_client_creds(c))
++ _heim_ipc_create_cred(c->unixrights.uid, c->unixrights.gid,
++ c->unixrights.pid, -1, &cs->cred);
++ }
++
+ c->callback(c->userctx, &cs->in,
+- NULL, socket_complete,
++ cs->cred, socket_complete,
+ (heim_sipc_call)cs);
+ }
+ }
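Review bot: `cs->cred` is assigned only inside the `UNIX_SOCKET` branch when `update_client_creds(c)` succeeds, yet it is passed to `c->callback` and later tested in socket_complete (`if (sc->cred)`) on every path. Unless the allocation of `cs` zeroes the struct (it is outside this hunk), add `cs->cred = NULL;` before the branch so that a non-unix socket or a failed lookup yields a defined NULL rather than an indeterminate pointer that is later freed. The return value of `_heim_ipc_create_cred` is also dropped; on failure the request should be rejected, or the callback must treat a NULL cred as unauthenticated. handle_read begins outside this hunk.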
+@@ -924,6 +1065,11 @@ heim_sipc_stream_listener(int fd, int type,
+
+ ct->mech = c;
+ ct->release = socket_release;
++
++ c->unixrights.uid = (uid_t) -1;
++ c->unixrights.gid = (gid_t) -1;
++ c->unixrights.pid = (pid_t) 0;
++
+ *ctx = ct;
+ return 0;
+ }
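Review bot: The `(uid_t) -1` sentinel is written only to the listener's own `struct client` here, while the NetBSD path in update_client_creds decides whether to read SCM_CREDS by testing `c->unixrights.uid == -1` on the per-connection client. Accepted connections are created by add_new_socket, which is not part of this hunk; if that allocation zero-fills the struct, the test is false and the function returns 1 with uid 0 and gid 0, so the peer would be reported as root. Initialise `unixrights` in add_new_socket as well, e.g. `c->unixrights.uid = (uid_t) -1;`, and compare against `(uid_t) -1` so the check does not depend on the signedness of uid_t.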
+@@ -934,7 +1080,7 @@ heim_sipc_service_unix(const char *service,
+ void *user, heim_sipc *ctx)
+ {
+ struct sockaddr_un un;
+- int fd;
++ int fd, ret;
+
+ un.sun_family = AF_UNIX;
+
+@@ -966,8 +1112,14 @@ heim_sipc_service_unix(const char *service,
+
+ chmod(un.sun_path, 0666);
+
+- return heim_sipc_stream_listener(fd, HEIM_SIPC_TYPE_IPC,
+- callback, user, ctx);
++ ret = heim_sipc_stream_listener(fd, HEIM_SIPC_TYPE_IPC,
++ callback, user, ctx);
++ if (ret == 0) {
++ struct client *c = (*ctx)->mech;
++ c->flags |= UNIX_SOCKET;
++ }
++
++ return ret;
+ }
+
+ /**
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/heimdal/heimdal.spec?r1=1.220&r2=1.221&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/heimdal/heimdal-kcm.patch?r1=1.3&r2=1.4&f=u