Author: baggins Date: Tue Oct 19 21:20:21 2010 GMT Module: packages Tag: HEAD ---- Log message: - rel 9 - pull "make kcm work on *nix" fixes from upstream
---- Files affected: packages/heimdal: heimdal.spec (1.220 -> 1.221) , heimdal-kcm.patch (1.3 -> 1.4) ---- Diffs: ================================================================ Index: packages/heimdal/heimdal.spec diff -u packages/heimdal/heimdal.spec:1.220 packages/heimdal/heimdal.spec:1.221 --- packages/heimdal/heimdal.spec:1.220 Mon Oct 18 18:22:09 2010 +++ packages/heimdal/heimdal.spec Tue Oct 19 23:20:16 2010 @@ -9,7 +9,7 @@ Summary(pl.UTF-8): Implementacja Heimdal systemu Kerberos V5 Name: heimdal Version: 1.4 -Release: 8 +Release: 9 License: Free Group: Networking Source0: http://www.h5l.org/dist/src/%{name}-%{version}.tar.gz @@ -38,6 +38,7 @@ Patch10: %{name}-sbindir.patch Patch11: %{name}-ntlm-digest.patch Patch12: %{name}-krb5config-nosysdirs.patch +Patch13: %{name}-kcm.patch URL: http://www.h5l.org/ BuildRequires: autoconf >= 2.62 BuildRequires: automake >= 1:1.10.3 @@ -367,6 +368,7 @@ %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %build %{__rm} acinclude.m4 cf/{libtool,lt*}.m4 @@ -814,6 +816,10 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.221 2010/10/19 21:20:16 baggins +- rel 9 +- pull "make kcm work on *nix" fixes from upstream + Revision 1.220 2010/10/18 16:22:09 baggins - rel 8 - fix missing symbol in libkrb5 ================================================================ Index: packages/heimdal/heimdal-kcm.patch diff -u /dev/null packages/heimdal/heimdal-kcm.patch:1.4 --- /dev/null Tue Oct 19 23:20:21 2010 +++ packages/heimdal/heimdal-kcm.patch Tue Oct 19 23:20:16 2010 
@@ -0,0 +1,285 @@ +diff --git a/kcm/cache.c b/kcm/cache.c +index 8a27ba0..d0a5b6f 100644 +--- a/kcm/cache.c ++++ b/kcm/cache.c +@@ -428,6 +428,8 @@ kcm_release_ccache(krb5_context context, kcm_ccache c) + + HEIMDAL_MUTEX_lock(&c->mutex); + if (c->refcnt == 1) { ++ kcm_free_ccache_data_internal(context, c); ++ free(c); + } else { + c->refcnt--; + HEIMDAL_MUTEX_unlock(&c->mutex); +diff --git a/kcm/protocol.c b/kcm/protocol.c +index de65599..a019edd 100644 +--- a/kcm/protocol.c ++++ b/kcm/protocol.c +@@ -948,6 +948,13 @@ kcm_op_move_cache(krb5_context context, + return ret; + } + ++ /* move to ourself is simple, done! */ ++ if (strcmp(oldname, newname) == 0) { ++ free(oldname); ++ free(newname); ++ return 0; ++ } ++ + ret = kcm_ccache_resolve_client(context, client, opcode, oldname, &oldid); + if (ret) { + free(oldname); +diff --git a/lib/ipc/hi_locl.h b/lib/ipc/hi_locl.h +index b9a094f..1cbab32 100644 +--- a/lib/ipc/hi_locl.h ++++ b/lib/ipc/hi_locl.h +@@ -49,6 +49,10 @@ + #include <krb5-types.h> + #include <asn1-common.h> + ++#ifdef HAVE_SYS_UN_H ++#include <sys/un.h> ++#endif ++ + #include <base64.h> + + #include <heim-ipc.h> +diff --git a/lib/ipc/server.c b/lib/ipc/server.c +index e2f771c..81127b7 100644 +--- a/lib/ipc/server.c ++++ b/lib/ipc/server.c +@@ -456,6 +456,7 @@ struct client { + #define INHERIT_MASK 0xffff0000 + #define INCLUDE_ERROR_CODE (1 << 16) + #define ALLOW_HTTP (1<<17) ++#define UNIX_SOCKET (1<<18) + unsigned calls; + size_t ptr, len; + uint8_t *inmsg; +@@ -465,6 +466,11 @@ struct client { + dispatch_source_t in; + dispatch_source_t out; + #endif ++ struct { ++ uid_t uid; ++ gid_t gid; ++ pid_t pid; ++ } unixrights; + }; + + #ifndef HAVE_GCD +@@ -476,6 +482,132 @@ static void handle_read(struct client *); + static void handle_write(struct client *); + static int maybe_close(struct client *); + ++/* ++ * Update peer credentials from socket. 
++ * ++ * SCM_CREDS can only be updated the first time there is read data to ++ * read from the filedescriptor, so if we read do it before this ++ * point, the cred data might not be is not there yet. ++ */ ++ ++static int ++update_client_creds(struct client *c) ++{ ++#ifdef HAVE_GETPEERUCRED ++ /* Solaris 10 */ ++ { ++ ucred_t *peercred; ++ ++ if (getpeerucred(c->fd, &peercred) != 0) { ++ c->unixrights.uid = ucred_geteuid(peercred); ++ c->unixrights.gid = ucred_getegid(peercred); ++ c->unixrights.pid = 0; ++ ucred_free(peercred); ++ return 1; ++ } ++ } ++#endif ++#ifdef HAVE_GETPEEREID ++ /* FreeBSD, OpenBSD */ ++ { ++ uid_t uid; ++ gid_t gid; ++ ++ if (getpeereid(c->fd, &uid, &gid) == 0) { ++ c->unixrights.uid = uid; ++ c->unixrights.gid = gid; ++ c->unixrights.pid = 0; ++ return 1; ++ } ++ } ++#endif ++#ifdef SO_PEERCRED ++ /* Linux */ ++ { ++ struct ucred pc; ++ socklen_t pclen = sizeof(pc); ++ ++ if (getsockopt(c->fd, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) { ++ c->unixrights.uid = pc.uid; ++ c->unixrights.gid = pc.gid; ++ c->unixrights.pid = pc.pid; ++ return 1; ++ } ++ } ++#endif ++#if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION) ++ { ++ struct xucred peercred; ++ socklen_t peercredlen = sizeof(peercred); ++ ++ if (getsockopt(c->fd, LOCAL_PEERCRED, 1, ++ (void *)&peercred, &peercredlen) == 0 ++ && peercred.cr_version == XUCRED_VERSION) ++ { ++ c->unixrights.uid = peercred.cr_uid; ++ c->unixrights.gid = peercred.cr_gid; ++ c->unixrights.pid = 0; ++ return 1; ++ } ++ } ++#endif ++#if defined(SOCKCREDSIZE) && defined(SCM_CREDS) ++ /* NetBSD */ ++ if (c->unixrights.uid == -1) { ++ struct msghdr msg; ++ socklen_t crmsgsize; ++ void *crmsg; ++ struct cmsghdr *cmp; ++ struct sockcred *sc; ++ ++ memset(&msg, 0, sizeof(msg)); ++ crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS)); ++ if (crmsgsize == 0) ++ return 1 ; ++ ++ crmsg = malloc(crmsgsize); ++ if (crmsg == NULL) ++ goto failed_scm_creds; ++ ++ memset(crmsg, 0, crmsgsize); ++ ++ msg.msg_control = 
crmsg; ++ msg.msg_controllen = crmsgsize; ++ ++ if (recvmsg(c->fd, &msg, 0) < 0) { ++ free(crmsg); ++ goto failed_scm_creds; ++ } ++ ++ if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) { ++ free(crmsg); ++ goto failed_scm_creds; ++ } ++ ++ cmp = CMSG_FIRSTHDR(&msg); ++ if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) { ++ free(crmsg); ++ goto failed_scm_creds; ++ } ++ ++ sc = (struct sockcred *)(void *)CMSG_DATA(cmp); ++ ++ c->unixrights.uid = sc->sc_euid; ++ c->unixrights.gid = sc->sc_egid; ++ c->unixrights.pid = 0; ++ ++ free(crmsg); ++ return 1; ++ } else { ++ /* we already got the cred, just return it */ ++ return 1; ++ } ++ failed_scm_creds: ++#endif ++ return 0; ++} ++ ++ + static struct client * + add_new_socket(int fd, + int flags, +@@ -569,6 +701,7 @@ maybe_close(struct client *c) + struct socket_call { + heim_idata in; + struct client *c; ++ heim_icred cred; + }; + + static void +@@ -616,7 +749,8 @@ socket_complete(heim_sipc_call ctx, int returnvalue, heim_idata *reply) + } + + c->calls--; +- ++ if (sc->cred) ++ heim_ipc_free_cred(sc->cred); + free(sc->in.data); + sc->c = NULL; /* so we can catch double complete */ + free(sc); +@@ -782,7 +916,7 @@ handle_read(struct client *c) + c->flags &= ~WAITING_READ; + return; + } +- if (dlen < c->ptr - sizeof(dlen)) { ++ if (dlen > c->ptr - sizeof(dlen)) { + break; + } + +@@ -799,8 +933,15 @@ handle_read(struct client *c) + } + + c->calls++; ++ ++ if ((c->flags & UNIX_SOCKET) != 0) { ++ if (update_client_creds(c)) ++ _heim_ipc_create_cred(c->unixrights.uid, c->unixrights.gid, ++ c->unixrights.pid, -1, &cs->cred); ++ } ++ + c->callback(c->userctx, &cs->in, +- NULL, socket_complete, ++ cs->cred, socket_complete, + (heim_sipc_call)cs); + } + } +@@ -924,6 +1065,11 @@ heim_sipc_stream_listener(int fd, int type, + + ct->mech = c; + ct->release = socket_release; ++ ++ c->unixrights.uid = (uid_t) -1; ++ c->unixrights.gid = (gid_t) -1; ++ c->unixrights.pid = (pid_t) 0; ++ + *ctx = ct; + 
return 0; + } +@@ -934,7 +1080,7 @@ heim_sipc_service_unix(const char *service, + void *user, heim_sipc *ctx) + { + struct sockaddr_un un; +- int fd; ++ int fd, ret; + + un.sun_family = AF_UNIX; + +@@ -966,8 +1112,14 @@ heim_sipc_service_unix(const char *service, + + chmod(un.sun_path, 0666); + +- return heim_sipc_stream_listener(fd, HEIM_SIPC_TYPE_IPC, +- callback, user, ctx); ++ ret = heim_sipc_stream_listener(fd, HEIM_SIPC_TYPE_IPC, ++ callback, user, ctx); ++ if (ret == 0) { ++ struct client *c = (*ctx)->mech; ++ c->flags |= UNIX_SOCKET; ++ } ++ ++ return ret; + } + + /** ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/heimdal/heimdal.spec?r1=1.220&r2=1.221&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/heimdal/heimdal-kcm.patch?r1=1.3&r2=1.4&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
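Review bot: In `update_client_creds`, the `HAVE_GETPEERUCRED` branch tests `getpeerucred(c->fd, &peercred) != 0`, so it copies uid/gid out of `peercred` only when the call has failed, and `peercred` is never initialised before the call. getpeerucred() returns 0 on success and expects `*ucred` to be NULL or a previously allocated ucred. `heim_sipc_service_unix` leaves the socket at mode 0666, so these fields are presumably what the service relies on to identify a local peer; the branch should read `ucred_t *peercred = NULL;` and `if (getpeerucred(c->fd, &peercred) == 0) {`. In `handle_read`, `cs->cred` is assigned only when the socket is `UNIX_SOCKET` and `update_client_creds` succeeds, yet it is always passed to the callback and tested in `socket_complete`; the allocation of `cs` is outside the hunk, so confirm it is zeroed or add `cs->cred = NULL;` before the `UNIX_SOCKET` test. The `LOCAL_PEERCRED` branch also passes `LOCAL_PEERCRED` as the getsockopt level and `1` as the option name, which looks transposed and is worth checking against the platform headers.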
