Bug#709632: gssd: Ignore a preferred_realm specified via the -R option
Package: nfs-common
Version: 1:1.2.2-4squeeze2
Severity: normal
Tags: patch
gssd ignores a preferred_realm specified via the -R command line option.
The attached patch fixes this problem and has already been sent to linux-nfs upstream.
This problem affects all Debian suites.
Will there be a fix for Squeeze and Wheezy?
-- System Information:
Debian Release: 6.0.7
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages nfs-common depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii initscripts 2.88dsf-13.1+squeeze1 scripts for initializing and shutt
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libcomerr2 1.41.12-4stable1 common error description library
ii libevent-1.4-2 1.4.13-stable-1 An asynchronous event notification
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - k
ii libgssglue1 0.1-4 mechanism-switch gssapi library
ii libk5crypto3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries
ii libnfsidmap2 0.23-2 An nfs idmapping library
ii librpcsecgss3 0.19-2 allows secure rpc communication us
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii netbase 4.45 Basic TCP/IP networking system
ii portmap 6.0.0-2 RPC port mapper
ii ucf 3.0025+nmu1 Update Configuration File: preserv
nfs-common recommends no packages.
nfs-common suggests no packages.
-- no debconf information
commit 722bd62d1e6a9d38db57e919d914a371e67d804d
Author: Maximilian Wilhelm <max@rfc2324.org>
Date: Fri May 24 14:46:41 2013 +0200
Fix handling of preferred realm command line option.
The current implementation ignores any preferred realm specified on the
command line. Fix this behaviour and make sure the preferred realm is
used as first realm when trying to acquire a keytab entry.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6275dd8..fb706a8 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -852,11 +852,18 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
}
/*
- * Try the "appropriate" realm first, and if nothing found for that
- * realm, try the default realm (if it hasn't already been tried).
+ * Make sure the preferred_realm (which may have been explicitly set
+ * on the command line, is tried first. If nothing is found go on with
+ * the host and local default realm (if that hasn't already been tried).
*/
i = 0;
realm = realmnames[i];
+
+ if (strcmp (realm, preferred_realm) != 0) {
+ realm = preferred_realm;
+ i = -1;
+ }
+
while (1) {
if (realm == NULL) {
tried_all = 1;
Reply to: