[arch-commits] Commit in krb5/repos (14 files)

Stéphane Gaudreault stephane at archlinux.org
Sun Nov 6 13:03:26 UTC 2011


    Date: Sunday, November 6, 2011 @ 08:03:25
  Author: stephane
Revision: 142223

db-move: moved krb5 from [testing] to [core] (x86_64)

Added:
  krb5/repos/core-x86_64/PKGBUILD
    (from rev 142221, krb5/repos/testing-x86_64/PKGBUILD)
  krb5/repos/core-x86_64/krb5-1.9.1-2011-006.patch
    (from rev 142221, krb5/repos/testing-x86_64/krb5-1.9.1-2011-006.patch)
  krb5/repos/core-x86_64/krb5-1.9.1-canonicalize-fallback.patch
    (from rev 142221, krb5/repos/testing-x86_64/krb5-1.9.1-canonicalize-fallback.patch)
  krb5/repos/core-x86_64/krb5-1.9.1-config-script.patch
    (from rev 142221, krb5/repos/testing-x86_64/krb5-1.9.1-config-script.patch)
  krb5/repos/core-x86_64/krb5-kadmind
    (from rev 142221, krb5/repos/testing-x86_64/krb5-kadmind)
  krb5/repos/core-x86_64/krb5-kdc
    (from rev 142221, krb5/repos/testing-x86_64/krb5-kdc)
  krb5/repos/core-x86_64/krb5-kpropd
    (from rev 142221, krb5/repos/testing-x86_64/krb5-kpropd)
Deleted:
  krb5/repos/core-x86_64/PKGBUILD
  krb5/repos/core-x86_64/krb5-1.9.1-2011-006.patch
  krb5/repos/core-x86_64/krb5-1.9.1-canonicalize-fallback.patch
  krb5/repos/core-x86_64/krb5-1.9.1-config-script.patch
  krb5/repos/core-x86_64/krb5-kadmind
  krb5/repos/core-x86_64/krb5-kdc
  krb5/repos/testing-x86_64/

----------------------------------------+
 PKGBUILD                               |  174 ++++++++++++++-----------------
 krb5-1.9.1-2011-006.patch              |  150 +++++++++++++-------------
 krb5-1.9.1-canonicalize-fallback.patch |  116 ++++++++++----------
 krb5-1.9.1-config-script.patch         |   54 ++++-----
 krb5-kadmind                           |   80 +++++++-------
 krb5-kdc                               |   80 +++++++-------
 krb5-kpropd                            |   40 +++++++
 7 files changed, 363 insertions(+), 331 deletions(-)

Deleted: core-x86_64/PKGBUILD
===================================================================
--- core-x86_64/PKGBUILD	2011-11-06 13:03:24 UTC (rev 142222)
+++ core-x86_64/PKGBUILD	2011-11-06 13:03:25 UTC (rev 142223)
@@ -1,91 +0,0 @@
-# $Id$
-# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
-
-pkgname=krb5
-pkgver=1.9.1
-pkgrel=5
-pkgdesc="The Kerberos network authentication system"
-arch=('i686' 'x86_64')
-url="http://web.mit.edu/kerberos/"
-license=('custom')
-depends=('e2fsprogs' 'libldap' 'keyutils')
-makedepends=('perl')
-provides=('heimdal')
-replaces=('heimdal')
-conflicts=('heimdal')
-backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
-source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar
-        krb5-kadmind
-        krb5-kdc
-        krb5-1.9.1-config-script.patch
-        krb5-1.9.1-canonicalize-fallback.patch
-        krb5-1.9.1-2011-006.patch)
-sha1sums=('e23a1795a237521493da9cf3443ac8b98a90c066'
-          '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
-          '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
-          '7342410760cf44bfa01bb99bb4c49e12496cb46f'
-          '238c268fa6cb42fc7324ab54db9abda5cd77f833'
-          '0b0016b0e341dcf720f67925b0d451b328e02583')
-options=('!emptydirs')
-
-build() {
-   tar zxvf ${pkgname}-${pkgver}.tar.gz
-   cd "${srcdir}/${pkgname}-${pkgver}/src"
-
-   # - Make krb5-config suppress CFLAGS output when called with --libs
-   #   cf https://bugzilla.redhat.com/show_bug.cgi?id=544391
-   #
-   # - Omit extra libraries because their interfaces are not exposed to applications
-   #   by libkrb5, unless do_deps is set to 1, which indicates that the caller
-   #   wants the whole list.
-   #
-   #   Patch from upstream : 
-   #   http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236
-   patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch
-
-   # FS#25515
-   patch -Np2 -i ${srcdir}/krb5-1.9.1-canonicalize-fallback.patch
-
-   # FS#25384
-   sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
-
-   # KDC denial of service vulnerabilities
-   # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
-   patch -Np2 -i ${srcdir}/krb5-1.9.1-2011-006.patch
-
-   export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
-   export CPPFLAGS+=" -I/usr/include/et"
-   ./configure --prefix=/usr \
-               --mandir=/usr/share/man \
-               --localstatedir=/var/lib \
-               --enable-shared \
-               --with-system-et \
-               --with-system-ss \
-               --disable-rpath \
-               --without-tcl \
-               --enable-dns-for-realm \
-               --with-ldap
-   make
-}
-
-package() {
-   cd "${srcdir}/${pkgname}-${pkgver}/src"
-   make DESTDIR="${pkgdir}" EXAMPLEDIR="/usr/share/doc/${pkgname}/examples" install
-
-   # Sample KDC config file
-   install -dm 755 "${pkgdir}"/var/lib/krb5kdc
-   install -pm 644 config-files/kdc.conf "${pkgdir}"/var/lib/krb5kdc/kdc.conf
-
-   # Default configuration file
-   install -dm 755 "${pkgdir}"/etc
-   install -pm 644 config-files/krb5.conf "${pkgdir}"/etc/krb5.conf
-
-   install -dm 755 "${pkgdir}"/etc/rc.d
-   install -m 755 ../../krb5-kdc "${pkgdir}"/etc/rc.d
-   install -m 755 ../../krb5-kadmind  "${pkgdir}"/etc/rc.d
-
-   install -dm 755 "${pkgdir}"/usr/share/aclocal
-   install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal
-
-   install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
-}

Copied: krb5/repos/core-x86_64/PKGBUILD (from rev 142221, krb5/repos/testing-x86_64/PKGBUILD)
===================================================================
--- core-x86_64/PKGBUILD	                        (rev 0)
+++ core-x86_64/PKGBUILD	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,83 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
+
+pkgname=krb5
+pkgver=1.9.2
+pkgrel=1
+pkgdesc="The Kerberos network authentication system"
+arch=('i686' 'x86_64')
+url="http://web.mit.edu/kerberos/"
+license=('custom')
+depends=('e2fsprogs' 'libldap' 'keyutils')
+makedepends=('perl')
+provides=('heimdal')
+replaces=('heimdal')
+conflicts=('heimdal')
+backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
+source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar
+        krb5-kadmind
+        krb5-kdc
+        krb5-kpropd
+        krb5-1.9.1-config-script.patch)
+sha1sums=('aa06f778ee1f9791cd4c5cf4c9e9465769ffec92'
+          '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
+          '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
+          '7f402078fa65bb9ff1beb6cbbbb017450df78560'
+          '7342410760cf44bfa01bb99bb4c49e12496cb46f')
+options=('!emptydirs')
+
+build() {
+   tar zxvf ${pkgname}-${pkgver}.tar.gz
+   cd "${srcdir}/${pkgname}-${pkgver}/src"
+
+   # - Make krb5-config suppress CFLAGS output when called with --libs
+   #   cf https://bugzilla.redhat.com/show_bug.cgi?id=544391
+   #
+   # - Omit extra libraries because their interfaces are not exposed to applications
+   #   by libkrb5, unless do_deps is set to 1, which indicates that the caller
+   #   wants the whole list.
+   #
+   #   Patch from upstream : 
+   #   http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236
+   patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch
+
+   # FS#25384
+   sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
+
+   export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
+   export CPPFLAGS+=" -I/usr/include/et"
+   ./configure --prefix=/usr \
+               --mandir=/usr/share/man \
+               --localstatedir=/var/lib \
+               --enable-shared \
+               --with-system-et \
+               --with-system-ss \
+               --disable-rpath \
+               --without-tcl \
+               --enable-dns-for-realm \
+               --with-ldap
+   make
+}
+
+package() {
+   cd "${srcdir}/${pkgname}-${pkgver}/src"
+   make DESTDIR="${pkgdir}" EXAMPLEDIR="/usr/share/doc/${pkgname}/examples" install
+
+   # Sample KDC config file
+   install -dm 755 "${pkgdir}"/var/lib/krb5kdc
+   install -pm 644 config-files/kdc.conf "${pkgdir}"/var/lib/krb5kdc/kdc.conf
+
+   # Default configuration file
+   install -dm 755 "${pkgdir}"/etc
+   install -pm 644 config-files/krb5.conf "${pkgdir}"/etc/krb5.conf
+
+   install -dm 755 "${pkgdir}"/etc/rc.d
+   install -m 755 ../../krb5-kdc      "${pkgdir}"/etc/rc.d
+   install -m 755 ../../krb5-kadmind  "${pkgdir}"/etc/rc.d
+   install -m 755 ../../krb5-kpropd   "${pkgdir}"/etc/rc.d
+
+   install -dm 755 "${pkgdir}"/usr/share/aclocal
+   install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal
+
+   install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}

Deleted: core-x86_64/krb5-1.9.1-2011-006.patch
===================================================================
--- core-x86_64/krb5-1.9.1-2011-006.patch	2011-11-06 13:03:24 UTC (rev 142222)
+++ core-x86_64/krb5-1.9.1-2011-006.patch	2011-11-06 13:03:25 UTC (rev 142223)
@@ -1,75 +0,0 @@
-diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c
-index b473611..50c60b7 100644
---- a/src/plugins/kdb/db2/lockout.c
-+++ b/src/plugins/kdb/db2/lockout.c
-@@ -169,6 +169,9 @@ krb5_db2_lockout_audit(krb5_context context,
-         return 0;
-     }
- 
-+    if (entry == NULL)
-+        return 0;
-+
-     if (!db_ctx->disable_lockout) {
-         code = lookup_lockout_policy(context, entry, &max_fail,
-                                      &failcnt_interval, &lockout_duration);
-@@ -176,6 +179,15 @@ krb5_db2_lockout_audit(krb5_context context,
-             return code;
-     }
- 
-+    /*
-+     * Don't continue to modify the DB for an already locked account.
-+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
-+     * this check is unneeded, but in rare cases, we can fail with an
-+     * integrity error or preauth failure before a policy check.)
-+     */
-+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
-+        return 0;
-+
-     /* Only mark the authentication as successful if the entry
-      * required preauthentication, otherwise we have no idea. */
-     if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index 552e39a..c2f44ab 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -105,6 +105,7 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
-     CHECK_LDAP_HANDLE(ldap_context);
- 
-     if (is_principal_in_realm(ldap_context, searchfor) != 0) {
-+        st = KRB5_KDB_NOENTRY;
-         krb5_set_error_message (context, st, "Principal does not belong to realm");
-         goto cleanup;
-     }
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
-index a218dc7..fd164dd 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
-@@ -165,6 +165,9 @@ krb5_ldap_lockout_audit(krb5_context context,
-         return 0;
-     }
- 
-+    if (entry == NULL)
-+        return 0;
-+
-     if (!ldap_context->disable_lockout) {
-         code = lookup_lockout_policy(context, entry, &max_fail,
-                                      &failcnt_interval,
-@@ -173,9 +176,16 @@ krb5_ldap_lockout_audit(krb5_context context,
-             return code;
-     }
- 
--    entry->mask = 0;
-+    /*
-+     * Don't continue to modify the DB for an already locked account.
-+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
-+     * this check is unneeded, but in rare cases, we can fail with an
-+     * integrity error or preauth failure before a policy check.)
-+     */
-+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
-+        return 0;
- 
--    assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry));
-+    entry->mask = 0;
- 
-     /* Only mark the authentication as successful if the entry
-      * required preauthentication, otherwise we have no idea. */

Copied: krb5/repos/core-x86_64/krb5-1.9.1-2011-006.patch (from rev 142221, krb5/repos/testing-x86_64/krb5-1.9.1-2011-006.patch)
===================================================================
--- core-x86_64/krb5-1.9.1-2011-006.patch	                        (rev 0)
+++ core-x86_64/krb5-1.9.1-2011-006.patch	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,75 @@
+diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c
+index b473611..50c60b7 100644
+--- a/src/plugins/kdb/db2/lockout.c
++++ b/src/plugins/kdb/db2/lockout.c
+@@ -169,6 +169,9 @@ krb5_db2_lockout_audit(krb5_context context,
+         return 0;
+     }
+ 
++    if (entry == NULL)
++        return 0;
++
+     if (!db_ctx->disable_lockout) {
+         code = lookup_lockout_policy(context, entry, &max_fail,
+                                      &failcnt_interval, &lockout_duration);
+@@ -176,6 +179,15 @@ krb5_db2_lockout_audit(krb5_context context,
+             return code;
+     }
+ 
++    /*
++     * Don't continue to modify the DB for an already locked account.
++     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
++     * this check is unneeded, but in rare cases, we can fail with an
++     * integrity error or preauth failure before a policy check.)
++     */
++    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
++        return 0;
++
+     /* Only mark the authentication as successful if the entry
+      * required preauthentication, otherwise we have no idea. */
+     if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 552e39a..c2f44ab 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -105,6 +105,7 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+     CHECK_LDAP_HANDLE(ldap_context);
+ 
+     if (is_principal_in_realm(ldap_context, searchfor) != 0) {
++        st = KRB5_KDB_NOENTRY;
+         krb5_set_error_message (context, st, "Principal does not belong to realm");
+         goto cleanup;
+     }
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+index a218dc7..fd164dd 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+@@ -165,6 +165,9 @@ krb5_ldap_lockout_audit(krb5_context context,
+         return 0;
+     }
+ 
++    if (entry == NULL)
++        return 0;
++
+     if (!ldap_context->disable_lockout) {
+         code = lookup_lockout_policy(context, entry, &max_fail,
+                                      &failcnt_interval,
+@@ -173,9 +176,16 @@ krb5_ldap_lockout_audit(krb5_context context,
+             return code;
+     }
+ 
+-    entry->mask = 0;
++    /*
++     * Don't continue to modify the DB for an already locked account.
++     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
++     * this check is unneeded, but in rare cases, we can fail with an
++     * integrity error or preauth failure before a policy check.)
++     */
++    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
++        return 0;
+ 
+-    assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry));
++    entry->mask = 0;
+ 
+     /* Only mark the authentication as successful if the entry
+      * required preauthentication, otherwise we have no idea. */

Deleted: core-x86_64/krb5-1.9.1-canonicalize-fallback.patch
===================================================================
--- core-x86_64/krb5-1.9.1-canonicalize-fallback.patch	2011-11-06 13:03:24 UTC (rev 142222)
+++ core-x86_64/krb5-1.9.1-canonicalize-fallback.patch	2011-11-06 13:03:25 UTC (rev 142223)
@@ -1,58 +0,0 @@
-diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c
---- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c	2011-02-09 16:55:36.000000000 -0500
-+++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c	2011-09-26 18:42:01.465190278 -0400
-@@ -470,13 +470,10 @@
- 
- /***** STATE_REFERRALS *****/
- 
--/*
-- * Possibly retry a request in the fallback realm after a referral request
-- * failure in the local realm.  Expects ctx->reply_code to be set to the error
-- * from a referral request.
-- */
-+/* Possibly try a non-referral request after a referral request failure.
-+ * Expects ctx->reply_code to be set to the error from a referral request. */
- static krb5_error_code
--try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx)
-+try_fallback(krb5_context context, krb5_tkt_creds_context ctx)
- {
-     krb5_error_code code;
-     char **hrealms;
-@@ -485,9 +482,10 @@
-     if (ctx->referral_count > 1)
-         return ctx->reply_code;
- 
--    /* Only fall back if the original request used the referral realm. */
-+    /* If the request used a specified realm, make a non-referral request to
-+     * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */
-     if (!krb5_is_referral_realm(&ctx->req_server->realm))
--        return ctx->reply_code;
-+        return begin_non_referral(context, ctx);
- 
-     if (ctx->server->length < 2) {
-         /* We need a type/host format principal to find a fallback realm. */
-@@ -500,10 +498,10 @@
-     if (code != 0)
-         return code;
- 
--    /* Give up if the fallback realm isn't any different. */
-+    /* If the fallback realm isn't any different, use the existing TGT. */
-     if (data_eq_string(ctx->server->realm, hrealms[0])) {
-         krb5_free_host_realm(context, hrealms);
--        return ctx->reply_code;
-+        return begin_non_referral(context, ctx);
-     }
- 
-     /* Rewrite server->realm to be the fallback realm. */
-@@ -540,9 +538,9 @@
-     krb5_error_code code;
-     const krb5_data *referral_realm;
- 
--    /* Possibly retry with the fallback realm on error. */
-+    /* Possibly try a non-referral fallback request on error. */
-     if (ctx->reply_code != 0)
--        return try_fallback_realm(context, ctx);
-+        return try_fallback(context, ctx);
- 
-     if (krb5_principal_compare(context, ctx->reply_creds->server,
-                                ctx->server)) {

Copied: krb5/repos/core-x86_64/krb5-1.9.1-canonicalize-fallback.patch (from rev 142221, krb5/repos/testing-x86_64/krb5-1.9.1-canonicalize-fallback.patch)
===================================================================
--- core-x86_64/krb5-1.9.1-canonicalize-fallback.patch	                        (rev 0)
+++ core-x86_64/krb5-1.9.1-canonicalize-fallback.patch	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,58 @@
+diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c
+--- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c	2011-02-09 16:55:36.000000000 -0500
++++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c	2011-09-26 18:42:01.465190278 -0400
+@@ -470,13 +470,10 @@
+ 
+ /***** STATE_REFERRALS *****/
+ 
+-/*
+- * Possibly retry a request in the fallback realm after a referral request
+- * failure in the local realm.  Expects ctx->reply_code to be set to the error
+- * from a referral request.
+- */
++/* Possibly try a non-referral request after a referral request failure.
++ * Expects ctx->reply_code to be set to the error from a referral request. */
+ static krb5_error_code
+-try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx)
++try_fallback(krb5_context context, krb5_tkt_creds_context ctx)
+ {
+     krb5_error_code code;
+     char **hrealms;
+@@ -485,9 +482,10 @@
+     if (ctx->referral_count > 1)
+         return ctx->reply_code;
+ 
+-    /* Only fall back if the original request used the referral realm. */
++    /* If the request used a specified realm, make a non-referral request to
++     * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */
+     if (!krb5_is_referral_realm(&ctx->req_server->realm))
+-        return ctx->reply_code;
++        return begin_non_referral(context, ctx);
+ 
+     if (ctx->server->length < 2) {
+         /* We need a type/host format principal to find a fallback realm. */
+@@ -500,10 +498,10 @@
+     if (code != 0)
+         return code;
+ 
+-    /* Give up if the fallback realm isn't any different. */
++    /* If the fallback realm isn't any different, use the existing TGT. */
+     if (data_eq_string(ctx->server->realm, hrealms[0])) {
+         krb5_free_host_realm(context, hrealms);
+-        return ctx->reply_code;
++        return begin_non_referral(context, ctx);
+     }
+ 
+     /* Rewrite server->realm to be the fallback realm. */
+@@ -540,9 +538,9 @@
+     krb5_error_code code;
+     const krb5_data *referral_realm;
+ 
+-    /* Possibly retry with the fallback realm on error. */
++    /* Possibly try a non-referral fallback request on error. */
+     if (ctx->reply_code != 0)
+-        return try_fallback_realm(context, ctx);
++        return try_fallback(context, ctx);
+ 
+     if (krb5_principal_compare(context, ctx->reply_creds->server,
+                                ctx->server)) {

Deleted: core-x86_64/krb5-1.9.1-config-script.patch
===================================================================
--- core-x86_64/krb5-1.9.1-config-script.patch	2011-11-06 13:03:24 UTC (rev 142222)
+++ core-x86_64/krb5-1.9.1-config-script.patch	2011-11-06 13:03:25 UTC (rev 142223)
@@ -1,27 +0,0 @@
-diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in
---- krb5-1.9.1.ori/src/krb5-config.in	2010-01-19 13:44:57.000000000 -0500
-+++ krb5-1.9.1/src/krb5-config.in	2011-09-26 18:27:09.018487087 -0400
-@@ -186,7 +186,7 @@
- 	    -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
- 	    -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
- 	    -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
--	    -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
-+	    -e 's#\$(CFLAGS)##'`
- 
-     if test $library = 'kdb'; then
- 	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
-@@ -214,9 +214,13 @@
-     fi
- 
-     if test $library = 'krb5'; then
--	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
-+	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err"
-     fi
- 
-+    # If we ever support a flag to generate output suitable for static
-+    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
-+    # here.
-+
-     echo $lib_flags
- fi
- 

Copied: krb5/repos/core-x86_64/krb5-1.9.1-config-script.patch (from rev 142221, krb5/repos/testing-x86_64/krb5-1.9.1-config-script.patch)
===================================================================
--- core-x86_64/krb5-1.9.1-config-script.patch	                        (rev 0)
+++ core-x86_64/krb5-1.9.1-config-script.patch	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,27 @@
+diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in
+--- krb5-1.9.1.ori/src/krb5-config.in	2010-01-19 13:44:57.000000000 -0500
++++ krb5-1.9.1/src/krb5-config.in	2011-09-26 18:27:09.018487087 -0400
+@@ -186,7 +186,7 @@
+ 	    -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
+ 	    -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
+ 	    -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
+-	    -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
++	    -e 's#\$(CFLAGS)##'`
+ 
+     if test $library = 'kdb'; then
+ 	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
+@@ -214,9 +214,13 @@
+     fi
+ 
+     if test $library = 'krb5'; then
+-	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
++	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err"
+     fi
+ 
++    # If we ever support a flag to generate output suitable for static
++    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
++    # here.
++
+     echo $lib_flags
+ fi
+ 

Deleted: core-x86_64/krb5-kadmind
===================================================================
--- core-x86_64/krb5-kadmind	2011-11-06 13:03:24 UTC (rev 142222)
+++ core-x86_64/krb5-kadmind	2011-11-06 13:03:25 UTC (rev 142223)
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-PID=`pidof -o %PPID /usr/sbin/kadmind`
-case "$1" in
-    start)
-        stat_busy "Starting Kerberos Admin Daemon"
-        if [ -z "$PID" ]; then
-           /usr/sbin/kadmind
-        fi
-        if [ ! -z "$PID" -o $? -gt 0 ]; then
-            stat_fail
-        else
-            add_daemon krb5-kadmind
-            stat_done
-        fi
-        ;;
-    stop)
-        stat_busy "Stopping Kerberos Admin Daemon"
-	    [ ! -z "$PID" ] && kill $PID &> /dev/null
-        if [ $? -gt 0 ]; then
-            stat_fail
-        else
-            rm_daemon krb5-kadmind
-            stat_done
-        fi
-        ;;
-    restart)
-        $0 stop
-	sleep 1
-        $0 start
-        ;;
-    *)
-        echo "usage: $0 {start|stop|restart}"
-	;;
-esac
-exit 0

Copied: krb5/repos/core-x86_64/krb5-kadmind (from rev 142221, krb5/repos/testing-x86_64/krb5-kadmind)
===================================================================
--- core-x86_64/krb5-kadmind	                        (rev 0)
+++ core-x86_64/krb5-kadmind	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/kadmind`
+case "$1" in
+    start)
+        stat_busy "Starting Kerberos Admin Daemon"
+        if [ -z "$PID" ]; then
+           /usr/sbin/kadmind
+        fi
+        if [ ! -z "$PID" -o $? -gt 0 ]; then
+            stat_fail
+        else
+            add_daemon krb5-kadmind
+            stat_done
+        fi
+        ;;
+    stop)
+        stat_busy "Stopping Kerberos Admin Daemon"
+	    [ ! -z "$PID" ] && kill $PID &> /dev/null
+        if [ $? -gt 0 ]; then
+            stat_fail
+        else
+            rm_daemon krb5-kadmind
+            stat_done
+        fi
+        ;;
+    restart)
+        $0 stop
+	sleep 1
+        $0 start
+        ;;
+    *)
+        echo "usage: $0 {start|stop|restart}"
+	;;
+esac
+exit 0

Deleted: core-x86_64/krb5-kdc
===================================================================
--- core-x86_64/krb5-kdc	2011-11-06 13:03:24 UTC (rev 142222)
+++ core-x86_64/krb5-kdc	2011-11-06 13:03:25 UTC (rev 142223)
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# general config
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-PID=`pidof -o %PPID /usr/sbin/krb5kdc`
-case "$1" in
-    start)
-        stat_busy "Starting Kerberos Authentication"
-        if [ -z "$PID" ]; then
-           /usr/sbin/krb5kdc
-        fi
-        if [ ! -z "$PID" -o $? -gt 0 ]; then
-            stat_fail
-        else
-            add_daemon krb5-kdc
-            stat_done
-        fi
-        ;;
-    stop)
-        stat_busy "Stopping Kerberos Authentication"
-	    [ ! -z "$PID" ] && kill $PID &> /dev/null
-        if [ $? -gt 0 ]; then
-            stat_fail
-        else
-            rm_daemon krb5-kdc
-            stat_done
-        fi
-        ;;
-    restart)
-        $0 stop
-	sleep 1
-        $0 start
-        ;;
-    *)
-        echo "usage: $0 {start|stop|restart}"
-	;;
-esac
-exit 0

Copied: krb5/repos/core-x86_64/krb5-kdc (from rev 142221, krb5/repos/testing-x86_64/krb5-kdc)
===================================================================
--- core-x86_64/krb5-kdc	                        (rev 0)
+++ core-x86_64/krb5-kdc	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/krb5kdc`
+case "$1" in
+    start)
+        stat_busy "Starting Kerberos Authentication"
+        if [ -z "$PID" ]; then
+           /usr/sbin/krb5kdc
+        fi
+        if [ ! -z "$PID" -o $? -gt 0 ]; then
+            stat_fail
+        else
+            add_daemon krb5-kdc
+            stat_done
+        fi
+        ;;
+    stop)
+        stat_busy "Stopping Kerberos Authentication"
+	    [ ! -z "$PID" ] && kill $PID &> /dev/null
+        if [ $? -gt 0 ]; then
+            stat_fail
+        else
+            rm_daemon krb5-kdc
+            stat_done
+        fi
+        ;;
+    restart)
+        $0 stop
+	sleep 1
+        $0 start
+        ;;
+    *)
+        echo "usage: $0 {start|stop|restart}"
+	;;
+esac
+exit 0

Copied: krb5/repos/core-x86_64/krb5-kpropd (from rev 142221, krb5/repos/testing-x86_64/krb5-kpropd)
===================================================================
--- core-x86_64/krb5-kpropd	                        (rev 0)
+++ core-x86_64/krb5-kpropd	2011-11-06 13:03:25 UTC (rev 142223)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/kpropd`
+case "$1" in
+    start)
+        stat_busy "Starting Kerberos Database Propagation Daemon"
+        if [ -z "$PID" ]; then
+           /usr/sbin/kpropd -S
+        fi
+        if [ ! -z "$PID" -o $? -gt 0 ]; then
+            stat_fail
+        else
+            add_daemon kpropd
+            stat_done
+        fi
+        ;;
+    stop)
+        stat_busy "Stopping Kerberos Database Propagation Daemon"
+	    [ ! -z "$PID" ] && kill $PID &> /dev/null
+        if [ $? -gt 0 ]; then
+            stat_fail
+        else
+            rm_daemon kpropd
+            stat_done
+        fi
+        ;;
+    restart)
+        $0 stop
+	sleep 1
+        $0 start
+        ;;
+    *)
+        echo "usage: $0 {start|stop|restart}"
+	;;
+esac
+exit 0




More information about the arch-commits mailing list