X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=debian%2Fpatches%2F11-root-on-krb5-mounts.patch;fp=debian%2Fpatches%2F11-root-on-krb5-mounts.patch;h=a8c4d21dcb82ee9334bc451fe5c9a66e29b54716;hb=150ae7150fa0e8b2250c93c0eb406caa4bed5277;hp=0000000000000000000000000000000000000000;hpb=f9cfe7c8a02ef187e411d5019ee0b6fe266e0cb1;p=nfs-utils.git

diff --git a/debian/patches/11-root-on-krb5-mounts.patch b/debian/patches/11-root-on-krb5-mounts.patch
new file mode 100644
index 0000000..a8c4d21
--- /dev/null
+++ b/debian/patches/11-root-on-krb5-mounts.patch
@@ -0,0 +1,43 @@
+Index: nfs-utils-1.0.11~git-20060117/utils/gssd/krb5_util.c
+===================================================================
+--- nfs-utils-1.0.11~git-20060117.orig/utils/gssd/krb5_util.c
++++ nfs-utils-1.0.11~git-20060117/utils/gssd/krb5_util.c
+@@ -120,6 +120,9 @@
+ #include "gss_oids.h"
+ #include "krb5_util.h"
+ 
++#define GSSD_MACHINE_CRED_NAME "root"
++#define GSSD_MACHINE_CRED_NAME_LEN 4
++
+ /* Global list of principals/cache file names for machine credentials */
+ struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL;
+ 
+@@ -496,13 +499,13 @@ gssd_process_krb5_keytab(krb5_context co
+ 		printerr(2, "Processing keytab entry for principal '%s'\n",
+ 			 pname);
+ #ifdef HAVE_KRB5
+-		if ( (kte.principal->data[0].length == GSSD_SERVICE_NAME_LEN) &&
+-		     (strncmp(kte.principal->data[0].data, GSSD_SERVICE_NAME,
+-			      GSSD_SERVICE_NAME_LEN) == 0) &&
++		if ( (kte.principal->data[0].length == GSSD_MACHINE_CRED_NAME_LEN) &&
++		     (strncmp(kte.principal->data[0].data, GSSD_MACHINE_CRED_NAME,
++			      GSSD_MACHINE_CRED_NAME_LEN) == 0) &&
+ #else
+-		if ( (strlen(kte.principal->name.name_string.val[0]) == GSSD_SERVICE_NAME_LEN) &&
+-		     (strncmp(kte.principal->name.name_string.val[0], GSSD_SERVICE_NAME,
+-			      GSSD_SERVICE_NAME_LEN) == 0) &&
++		if ( (strlen(kte.principal->name.name_string.val[0]) == GSSD_MACHINE_CRED_NAME_LEN) &&
++		     (strncmp(kte.principal->name.name_string.val[0], GSSD_MACHINE_CRED_NAME,
++			      GSSD_MACHINE_CRED_NAME_LEN) == 0) &&
+ 			      
+ #endif
+ 		     (!gssd_have_realm_ple((void *)&kte.principal->realm)) ) {
+@@ -714,7 +717,7 @@ gssd_refresh_krb5_machine_creds(void)
+ 			printerr(0, "Do you have a valid keytab entry for "
+ 				    "%s/<your.host>@<YOUR.REALM> in "
+ 				    "keytab file %s ?\n",
+-				    GSSD_SERVICE_NAME, keytabfile);
++				    GSSD_MACHINE_CRED_NAME, keytabfile);
+ 			printerr(0, "Continuing without (machine) credentials "
+ 				    "- nfs4 mounts with Kerberos will fail\n");
+ 		}