rpms/krb5/devel krb5-1.6.2-dirsrv-accountlock.patch, NONE, 1.1 krb5.spec, 1.154, 1.155
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Mon Feb 18 18:45:15 UTC 2008
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25146
Modified Files:
krb5.spec
Added Files:
krb5-1.6.2-dirsrv-accountlock.patch
Log Message:
- drop netdb patch
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora,
Netscape, Red Hat Directory Server (Simo Sorce)
krb5-1.6.2-dirsrv-accountlock.patch:
--- NEW FILE krb5-1.6.2-dirsrv-accountlock.patch ---
diff -ur krb5-1.6.2.orig/src/aclocal.m4 krb5-1.6.2/src/aclocal.m4
--- krb5-1.6.2.orig/src/aclocal.m4 2007-11-20 11:39:51.000000000 -0500
+++ krb5-1.6.2/src/aclocal.m4 2007-11-20 12:09:56.000000000 -0500
@@ -1798,6 +1798,12 @@
yes | no) ;;
*) AC_MSG_ERROR(Invalid option value --with-edirectory="$withval") ;;
esac], with_edirectory=no)dnl
+AC_ARG_WITH([dirsrv],
+[ --with-dirsrv compile Red Hat/Fedora/Netscape Directory Server database backend module],
+[case "$withval" in
+ yes | no) ;;
+ *) AC_MSG_ERROR(Invalid option value --with-dirsrv="$withval") ;;
+esac], with_dirsrv=no)dnl
if test $with_ldap = yes; then
if test $with_edirectory = yes; then
@@ -1809,6 +1815,10 @@
AC_MSG_NOTICE(enabling eDirectory database backend module support)
OPENLDAP_PLUGIN=yes
AC_DEFINE(HAVE_EDIRECTORY,1,[Define if LDAP KDB interface should assume eDirectory.])
+elif test $with_dirsrv = yes; then
+ AC_MSG_NOTICE(enabling Red Hat/Fedora/Netscape Directory Server database backend module support)
+ OPENLDAP_PLUGIN=yes
+ AC_DEFINE(HAVE_DIRSRV,1,[Define if LDAP KDB interface should assume RHDS/FDS/NDS.])
else
: # neither enabled
dnl AC_MSG_NOTICE(disabling ldap backend module support)
diff -ur krb5-1.6.2.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c krb5-1.6.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
--- krb5-1.6.2.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2006-12-21 23:28:09.000000000 -0500
+++ krb5-1.6.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2007-11-20 12:04:10.000000000 -0500
@@ -2141,6 +2141,22 @@
}
}
#endif
+#ifdef HAVE_DIRSRV
+ {
+ krb5_timestamp expiretime=0;
+ char *is_login_disabled=NULL;
+
+ /* LOGIN DISABLED */
+ if ((st=krb5_ldap_get_string(ld, ent, "nsaccountlock", &is_login_disabled,
+ &attr_present)) != 0)
+ goto cleanup;
+ if (attr_present == TRUE) {
+ if (strcasecmp(is_login_disabled, "TRUE")== 0)
+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ free (is_login_disabled);
+ }
+ }
+#endif
if ((st=krb5_read_tkt_policy (context, ldap_context, entry, tktpolname)) !=0)
goto cleanup;
diff -ur krb5-1.6.2.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c krb5-1.6.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
--- krb5-1.6.2.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c 2007-01-03 19:27:26.000000000 -0500
+++ krb5-1.6.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c 2007-11-20 12:00:27.000000000 -0500
@@ -57,6 +57,9 @@
"loginexpirationtime",
"logindisabled",
#endif
+#ifdef HAVE_DIRSRV
+ "nsaccountlock",
+#endif
"loginexpirationtime",
"logindisabled",
"modifytimestamp",
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -r1.154 -r1.155
--- krb5.spec 13 Feb 2008 23:10:32 -0000 1.154
+++ krb5.spec 18 Feb 2008 18:44:39 -0000 1.155
@@ -1,5 +1,6 @@
%define WITH_LDAP 1
%define WITH_OPENSSL 1
+%define WITH_DIRSRV 1
%define krb5prefix %{_prefix}/kerberos
@@ -15,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 6%{?dist}
+Release: 7%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -94,7 +95,7 @@
Patch68: krb5-trunk-spnego_delegation.patch
Patch69: krb5-trunk-seqnum.patch
Patch70: krb5-trunk-kpasswd_tcp2.patch
-Patch71: krb5-1.6.3-netdb.patch
+Patch71: krb5-1.6.2-dirsrv-accountlock.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
@@ -225,6 +226,12 @@
certificate.
%changelog
+* Mon Feb 18 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-7
+- drop netdb patch
+- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
+ the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora,
+ Netscape, Red Hat Directory Server (Simo Sorce)
+
* Wed Feb 13 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-6
- patch to avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV
@@ -1294,7 +1301,7 @@
%patch68 -p0 -b .spnego_delegation
%patch69 -p0 -b .seqnum
#%patch70 -p0 -b .kpasswd_tcp2
-%patch71 -p1 -b .netdb
+%patch71 -p1 -b .dirsrv-accountlock
cp src/krb524/README README.krb524
gzip doc/*.ps
@@ -1350,12 +1357,6 @@
%ifarch %{ix86} s390 ppc sparc
DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES
%endif
-# Enable or disable the LDAP plugin.
-%if %{WITH_LDAP}
-OPENLDAP_PLUGIN=yes
-%else
-OPENLDAP_PLUGIN=""
-%endif
# Enable or disable the PKINIT plugin. The configure script only checks for
# the version of OpenSSL being okay, so for now we have to use that to control
# whether or not it tries to build the module.
@@ -1371,7 +1372,6 @@
CC=%{__cc} \
CFLAGS="$CFLAGS" \
CPPFLAGS="$CPPFLAGS" \
- OPENLDAP_PLUGIN="$OPENLDAP_PLUGIN" \
SS_LIB="-lss -lcurses" \
--enable-shared \
%if %{build_static}
@@ -1388,6 +1388,13 @@
--with-netlib=-lresolv \
--without-tcl \
--enable-dns \
+%if %{WITH_LDAP}
+%if %{WITH_DIRSRV}
+ --with-dirsrv \
+%else
+ --with-ldap \
+%endif
+%endif
--with-pam \
--with-pam-login-service=%{login_pam_service} \
--with-selinux
More information about the fedora-extras-commits
mailing list