rpms/mod_auth_kerb/devel mod_auth_kerb-5.0-rc6-krb15.patch, NONE, 1.1
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jul 20 10:16:26 UTC 2006
Author: jorton
Update of /cvs/dist/rpms/mod_auth_kerb/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1651
Added Files:
mod_auth_kerb-5.0-rc6-krb15.patch
Log Message:
* Thu Jul 20 2006 Joe Orton <jorton at redhat.com> 5.0-9
- add Russ Allbery's fix for disabling replay cache with krb15
mod_auth_kerb-5.0-rc6-krb15.patch:
mod_auth_kerb.c | 52 ++--------------------------------------------------
1 files changed, 2 insertions(+), 50 deletions(-)
--- NEW FILE mod_auth_kerb-5.0-rc6-krb15.patch ---
Forcibly disable the replay cache using the environment variable
rather than trying to hack through libkrb5 internals (doomed to failure).
Patch by: Russ Allbery <rra stanford.edu>
--- mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c.krb14 2006-07-20 11:05:41.000000000 +0100
+++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c 2006-07-20 11:11:16.000000000 +0100
@@ -215,35 +215,6 @@
{ NULL }
};
-#if defined(KRB5) && !defined(HEIMDAL)
-/* Needed to work around problems with replay caches */
-#include "mit-internals.h"
-
-/* This is our replacement krb5_rc_store function */
-static krb5_error_code
-mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache,
- krb5_donot_replay_internal *donot_replay)
-{
- return 0;
-}
-
-/* And this is the operations vector for our replay cache */
-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
- 0,
- "dfl",
- krb5_rc_dfl_init,
- krb5_rc_dfl_recover,
- krb5_rc_dfl_destroy,
- krb5_rc_dfl_close,
- mod_auth_kerb_rc_store,
- krb5_rc_dfl_expunge,
- krb5_rc_dfl_get_span,
- krb5_rc_dfl_get_name,
- krb5_rc_dfl_resolve
-};
-#endif
-
-
/***************************************************************************
Auth Configuration Initialization
***************************************************************************/
@@ -1055,27 +1026,6 @@
"gss_acquire_cred() failed"));
return HTTP_INTERNAL_SERVER_ERROR;
}
-
-#ifndef HEIMDAL
- /*
- * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
- * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
- * the replay cache.
- * This allows us to override the replay cache function vector with
- * our own one.
- * Note that this is a dirty hack to get things working and there may
- * well be unknown side-effects.
- */
- {
- krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;
-
- if (gss_creds && gss_creds->rcache && gss_creds->rcache->ops &&
- gss_creds->rcache->ops->type &&
- memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
- /* Override the rcache operations */
- gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
- }
-#endif
return 0;
}
@@ -1455,6 +1405,8 @@
apr_pool_t *ptemp, server_rec *s)
{
ap_add_version_component(p, "mod_auth_kerb/" MODAUTHKERB_VERSION);
+ if (getenv("KRB5RCACHETYPE") == NULL)
+ putenv("KRB5RCACHETYPE=none");
return OK;
}
More information about the fedora-cvs-commits
mailing list