diff --git a/Pass-gss_localname-through-SPNEGO.patch b/Pass-gss_localname-through-SPNEGO.patch
new file mode 100644
index 0000000..37aef38
--- /dev/null
+++ b/Pass-gss_localname-through-SPNEGO.patch
@@ -0,0 +1,58 @@
+From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
+From: Greg Hudson
+Date: Sun, 26 Apr 2020 19:55:54 -0400
+Subject: [PATCH] Pass gss_localname() through SPNEGO
+
+ticket: 8897 (new)
+(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285)
+---
+ src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++
+ src/lib/gssapi/spnego/spnego_mech.c | 9 ++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
+index a93763314..066ec736f 100644
+--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
++++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
+@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
+ OM_uint32 *max_input_size
+ );
+
+OM_uint32 KRB5_CALLCONV spnego_gss_localname
++(
++ OM_uint32 *minor_status,
++ const gss_name_t pname,
++ const gss_const_OID mech_type,
++ gss_buffer_t localname
++);
++
+ OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
+ (
+ OM_uint32 *minor_status,
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 8e0c3a348..8d36a05e8 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
+ spnego_gss_inquire_context, /* gss_inquire_context */
+ NULL, /* gss_internal_release_oid */
+ spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */
+- NULL, /* gssd_pname_to_uid */
++ spnego_gss_localname,
+ NULL, /* gss_userok */
+ NULL, /* gss_export_name */
+ spnego_gss_duplicate_name, /* gss_duplicate_name */
+@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit(
+ return (ret);
+ }
+
++OM_uint32 KRB5_CALLCONV
++spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname,
++ const gss_const_OID mech_type, gss_buffer_t localname)
++{
++ return gss_localname(minor_status, pname, GSS_C_NO_OID, localname);
++}
++
+ OM_uint32 KRB5_CALLCONV
+ spnego_gss_get_mic(
+ OM_uint32
*minor_status, diff --git a/krb5.spec b/krb5.spec index 37089cc..03bfa71 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.1 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 1%{?dist} +Release: 3%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -56,6 +56,7 @@ Patch13: Add-finalization-safety-check-to-com_err.patch Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch Patch15: Correctly-import-service-GSS-host-based-name.patch Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch +Patch17: Pass-gss_localname-through-SPNEGO.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -80,18 +81,13 @@ BuildRequires: iproute BuildRequires: libverto-devel BuildRequires: openldap-devel BuildRequires: lmdb-devel +BuildRequires: nss_wrapper +BuildRequires: socket_wrapper # Need KDFs. This is the backported version BuildRequires: openssl-devel >= 1:1.1.1d-4 BuildRequires: openssl-devel < 1:3.0.0 -%ifarch %{ix86} x86_64 -BuildRequires: yasm -%endif - -BuildRequires: nss_wrapper -BuildRequires: socket_wrapper - %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure @@ -633,6 +629,12 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Apr 28 2020 Robbie Harwood - 1.18.1-3 +- Pass gss_localname() through SPNEGO + +* Tue Apr 14 2020 Robbie Harwood - 1.18-1.1 +- Drop yasm requirement since we don't use builtin crypto + * Tue Apr 14 2020 Robbie Harwood - 1.18.1-1 - New upstream version (1.18.1)
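Review bot: In the added Pass-gss_localname-through-SPNEGO.patch, spnego_gss_localname() in spnego_mech.c ignores its mech_type argument and calls gss_localname() with GSS_C_NO_OID, and nothing in the code says why. The result maps an authenticated GSS name to a local account name, so the choice of which mechanism performs that mapping is worth stating; if the intent is to let the mechglue select the mechanism from pname, a comment above the return such as `/* mech_type is deliberately unused: GSS_C_NO_OID lets the mechglue choose the mechanism from pname. */` would record it (that intent is inferred, not shown in the diff). The table entry in the `@@ -237,7 +237,7 @@` hunk also lost its slot comment, which in a positional initializer is the only visible guard against misalignment; `spnego_gss_localname, /* gss_localname */` would match the neighbouring entries, with the slot name to be confirmed against struct gss_config, which is outside this diff.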