[csw-devel] SF.net SVN: gar:[16204] csw/mgar/pkg/krb5-lib/trunk

Thu Nov 17 11:12:47 CET 2011

Revision: 16204
          http://gar.svn.sourceforge.net/gar/?rev=16204&view=rev
Author:   wahwah
Date:     2011-11-17 10:12:46 +0000 (Thu, 17 Nov 2011)
Log Message:
-----------
krb5-lib/trunk: An experimental patch

Modified Paths:
--------------
    csw/mgar/pkg/krb5-lib/trunk/Makefile

Added Paths:
-----------
    csw/mgar/pkg/krb5-lib/trunk/files/0005-krb5_set_password_using_ccache.patch

Modified: csw/mgar/pkg/krb5-lib/trunk/Makefile
===================================================================

--- csw/mgar/pkg/krb5-lib/trunk/Makefile	2011-11-16 19:00:42 UTC (rev 16203)
+++ csw/mgar/pkg/krb5-lib/trunk/Makefile	2011-11-17 10:12:46 UTC (rev 16204)
@@ -25,7 +25,8 @@
 # PATCHFILES += 0003-local-libraries-first-when-linking.patch
 PATCHFILES += 0004-libkdb_ldap-isblank-define.patch
 PATCHFILES += 0005-Add-strings.h-to-setenv.c-for-strlen-and-other-stuff.patch
-PATCHFILES += krb5-1.9.2-krb5_set_password_using_ccache.patch
+# PATCHFILES += krb5-1.9.2-krb5_set_password_using_ccache.patch
+PATCHFILES += 0005-krb5_set_password_using_ccache.patch
 
 BUILD_DEP_PKGS = CSWtcl
 

Added: csw/mgar/pkg/krb5-lib/trunk/files/0005-krb5_set_password_using_ccache.patch
===================================================================
--- csw/mgar/pkg/krb5-lib/trunk/files/0005-krb5_set_password_using_ccache.patch	                        (rev 0)
+++ csw/mgar/pkg/krb5-lib/trunk/files/0005-krb5_set_password_using_ccache.patch	2011-11-17 10:12:46 UTC (rev 16204)
@@ -0,0 +1,54 @@
+From 5add46d3f22a770dff0dbf4267df5d79a25ac32b Mon Sep 17 00:00:00 2001
+From: Maciej Blizinski <maciej at opencsw.org>
+Date: Thu, 17 Nov 2011 11:08:47 +0100
+Subject: [PATCH] krb5_set_password_using_ccache
+
+---
+ src/include/k5-trace.h       |    3 +++
+ src/lib/krb5/krb/get_creds.c |    9 ++++++++-
+ 2 files changed, 11 insertions(+), 1 deletions(-)
+
+diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
+index b85e59c..d14caa3 100644
+--- a/src/include/k5-trace.h
++++ b/src/include/k5-trace.h
+@@ -330,6 +330,9 @@
+     TRACE(c, (c, "TGS request result: {kerr}", code))
+ #define TRACE_TKT_CREDS_RETRY_TCP(c) \
+     TRACE(c, (c, "Request or response is too big for UDP; retrying with TCP"))
++#define TRACE_TKT_CREDS_SAME_REALM_TGT(c, realm)                        \
++    TRACE(c, (c, "Received TGT referral back to same realm ({data}); trying " \
++              "again without referrals", realm))
+ #define TRACE_TKT_CREDS_SERVICE_REQ(c, princ, referral) \
+     TRACE(c, (c, "Requesting tickets for {princ}, referrals {str}", princ, \
+               (referral) ? "on" : "off"))
+diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
+index d72fa8a..450e7d8 100644
+--- a/src/lib/krb5/krb/get_creds.c
++++ b/src/lib/krb5/krb/get_creds.c
+@@ -566,6 +566,14 @@ step_referrals(krb5_context context, krb5_tkt_creds_context ctx)
+         return begin_non_referral(context, ctx);
+     }
+ 
++    /* Active Directory may return a TGT to the local realm.  Try a
++     * non-referral query if we see this. */
++    referral_realm = &ctx->reply_creds->server->data[1];
++    if (data_eq(*referral_realm, ctx->cur_tgt->server->data[1])) {
++        TRACE_TKT_CREDS_SAME_REALM_TGT(context, referral_realm);
++        return begin_non_referral(context, ctx);
++    }
++
+     if (ctx->referral_count == 1) {
+         /* Cache the referral TGT only if it's from the local realm.
+          * Make sure to note the associated authdata, if any. */
+@@ -586,7 +594,6 @@ step_referrals(krb5_context context, krb5_tkt_creds_context ctx)
+         return KRB5_KDC_UNREACH;
+ 
+     /* Check for referral loops. */
+-    referral_realm = &ctx->reply_creds->server->data[1];
+     if (seen_realm_before(context, ctx, referral_realm))
+         return KRB5_KDC_UNREACH;
+     code = remember_realm(context, ctx, referral_realm);
+-- 
+1.7.6.1
+

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

