rpms/mod_auth_kerb/devel mod_auth_kerb-5.0-rc6-krb15.patch, NONE, 1.1

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Jul 20 10:16:26 UTC 2006


Author: jorton

Update of /cvs/dist/rpms/mod_auth_kerb/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1651

Added Files:
	mod_auth_kerb-5.0-rc6-krb15.patch 
Log Message:
* Thu Jul 20 2006 Joe Orton <jorton at redhat.com> 5.0-9
- add Russ Allbery's fix for disabling replay cache with krb15


mod_auth_kerb-5.0-rc6-krb15.patch:
 mod_auth_kerb.c |   52 ++--------------------------------------------------
 1 files changed, 2 insertions(+), 50 deletions(-)

--- NEW FILE mod_auth_kerb-5.0-rc6-krb15.patch ---

Forcibly disable the replay cache using the environment variable
rather than trying to hack through libkrb5 internals (doomed to failure).

Patch by: Russ Allbery <rra stanford.edu>

--- mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c.krb14	2006-07-20 11:05:41.000000000 +0100
+++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c	2006-07-20 11:11:16.000000000 +0100
@@ -215,35 +215,6 @@
    { NULL }
 };
 
-#if defined(KRB5) && !defined(HEIMDAL)
-/* Needed to work around problems with replay caches */
-#include "mit-internals.h"
-
-/* This is our replacement krb5_rc_store function */
-static krb5_error_code
-mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache,
-                       krb5_donot_replay_internal *donot_replay)
-{
-   return 0;
-}
-
-/* And this is the operations vector for our replay cache */
-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
-  0,
-  "dfl",
-  krb5_rc_dfl_init,
-  krb5_rc_dfl_recover,
-  krb5_rc_dfl_destroy,
-  krb5_rc_dfl_close,
-  mod_auth_kerb_rc_store,
-  krb5_rc_dfl_expunge,
-  krb5_rc_dfl_get_span,
-  krb5_rc_dfl_get_name,
-  krb5_rc_dfl_resolve
-};
-#endif
-
-
 /*************************************************************************** 
  Auth Configuration Initialization
  ***************************************************************************/
@@ -1055,27 +1026,6 @@
 		 		     "gss_acquire_cred() failed"));
       return HTTP_INTERNAL_SERVER_ERROR;
    }
-
-#ifndef HEIMDAL
-   /*
-    * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
-    * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
-    * the replay cache.
-    * This allows us to override the replay cache function vector with
-    * our own one.
-    * Note that this is a dirty hack to get things working and there may
-    * well be unknown side-effects.
-    */
-   {
-      krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;
-
-      if (gss_creds && gss_creds->rcache && gss_creds->rcache->ops &&
-	  gss_creds->rcache->ops->type &&  
-	  memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
-          /* Override the rcache operations */
-	 gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
-   }
-#endif
    
    return 0;
 }
@@ -1455,6 +1405,8 @@
       		  apr_pool_t *ptemp, server_rec *s)
 {
    ap_add_version_component(p, "mod_auth_kerb/" MODAUTHKERB_VERSION);
+   if (getenv("KRB5RCACHETYPE") == NULL)
+      putenv("KRB5RCACHETYPE=none");
    return OK;
 }
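Review bot: The two added lines switch off the Kerberos replay cache for the whole httpd process and log nothing, so an administrator cannot tell from the server logs that authenticators replayed inside the clock-skew window will no longer be rejected. The environment variable is process-wide, so any other libkrb5 user loaded into the same server presumably inherits the setting too. The `putenv()` result is also unchecked; I would use `setenv("KRB5RCACHETYPE", "none", 0)`, test its return value, and on success emit `ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "mod_auth_kerb: replay cache disabled (KRB5RCACHETYPE=none)");`. A short comment above it should state that replay protection now depends on the transport, so Negotiate tokens should only be accepted over TLS. The hook's signature starts above the hunk, so its name and registration are not visible here.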
 



