1 files changed, 113 insertions, 0 deletions
diff --git a/main/libtirpc/gssglue.patch b/main/libtirpc/gssglue.patch
new file mode 100644
index 000000000..d16f815bc
--- /dev/null
+++ b/main/libtirpc/gssglue.patch
@@ -0,0 +1,113 @@
+From 9151a39539145e1f62f8b30168d1cdeb19299dac Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 26 Mar 2013 11:13:05 -0400
+Subject: [PATCH 1/2] Switch to use standard GSSAPI by default
+
+Make libgssglue configurable still but disabled by default.
+There is no reason to use libgssglue anymore, and modern gssapi
+supports all needed features for libtirpc and its dependencies.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ configure.ac    | 23 +++++++++++++++++++----
+ src/Makefile.am |  4 ++--
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 40dce96..4a4adba 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -5,15 +5,30 @@ AC_CONFIG_SRCDIR([src/auth_des.c])
+ AC_CONFIG_MACRO_DIR([m4])
+ 
+ AC_ARG_ENABLE(gss,[  --enable-gss            Turn on gss api], [case "${enableval}" in
+-        yes) gss=true ; AC_CHECK_LIB([gssapi],[gss_init_sec_context]) ;;
++        yes) gss=true ;;
+         no)  gss=false ;;
+         *) AC_MSG_ERROR(bad value ${enableval} for --enable-gss) ;;
+       esac],[gss=false])
+ AM_CONDITIONAL(GSS, test x$gss = xtrue)
++AC_ARG_WITH(gssglue,
++		[  --with-gssglue        Use libgssglue],
++		 [case "${enableval}" in
++		  yes) gssglue=true ;;
++		  no)  gssglue=false ;;
++		  *) AC_MSG_ERROR(bad value ${enableval} for --with-gssglue) ;;
++		  esac],
++		[gssglue=false])
++AM_CONDITIONAL(USEGSSGLUE, test x$gssglue = xtrue)
+ if test x$gss = xtrue; then
+-	AC_DEFINE(HAVE_LIBGSSAPI, 1, [])
+-	PKG_CHECK_MODULES(GSSGLUE, libgssglue, [],
+-	AC_MSG_ERROR([Unable to locate information required to use libgssglue.]))
++	if test x$gssglue = xtrue; then
++		PKG_CHECK_MODULES(GSSAPI, libgssglue, [],
++		AC_MSG_ERROR([Unable to locate information required to use libgssglue.]))
++	else
++		GSSAPI_CFLAGS=`krb5-config --cflags gssapi`
++		GSSAPI_LIBS=`krb5-config --libs gssapi`
++		AC_SUBST([GSSAPI_CFLAGS])
++		AC_SUBST([GSSAPI_LIBS])
++	fi
+ fi
+ AC_ARG_ENABLE(ipv6,
+ 	[AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])],
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 66350f5..2dd7768 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -58,8 +58,8 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_ref
+ ## Secure-RPC
+ if GSS
+     libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c
+-    libtirpc_la_LDFLAGS += $(GSSGLUE_LIBS)
+-    libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSGLUE_CFLAGS)
++    libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
++    libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
+ endif
+ 
+ ## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
+-- 
+1.8.1.4
+
+
+From 4072a0bb8b619cab027bb3833785768681da4ed5 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 10 Apr 2013 11:38:14 -0400
+Subject: [PATCH 2/2] gss: Fix private data giveaway
+
+When the private data is given away the gss context also needs to go,
+because the caller may destroy it, such as when the context is exported
+into a lucid context to hand it to the kernel.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/auth_gss.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/auth_gss.c b/src/auth_gss.c
+index 81ae8ae..703bc3f 100644
+--- a/src/auth_gss.c
++++ b/src/auth_gss.c
+@@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
+ 	 * send an RPCSEC_GSS_DESTROY request which might inappropriately
+ 	 * destroy the context.
+ 	 */
++        gd->ctx = GSS_C_NO_CONTEXT;
+ 	gd->gc.gc_ctx.length = 0;
+ 	gd->gc.gc_ctx.value = NULL;
+ 
+@@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss_private_data *pd)
+ 	if (!pd)
+ 		return (FALSE);
+ 
+-	pd->pd_ctx = NULL;
++	if (pd->pd_ctx != GSS_C_NO_CONTEXT)
++		gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL);
+ 	gss_release_buffer(&min_stat, &pd->pd_ctx_hndl);
+ 	memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl));
+ 	pd->pd_seq_win = 0;
+-- 
+1.8.1.4
+