Package init

Always-choose-highest-requested-debug-level.patch

@@ -0,0 +1,107 @@
+From d284ec7dc9fe0a824b177873078aeb36a25b7878 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 11 Apr 2018 16:15:00 -0400
+Subject: [PATCH] Always choose highest requested debug level
+
+Allowing the CLI to lower the debug level specified in a config file
+is dubious, and previously broken since we don't distinguish "default
+value" from "explicitly requested value of 0" in popt.  This resulted
+in "Debug Enabled (level: 0)" even when the log level was not actually
+0, which is confusing for users.
+
+Remove the gp_debug_args() function since it is no longer used.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+Reviewed-by: Simo Sorce <simo@redhat.com>
+Merges: #229
+(cherry picked from commit 5a714768aec776dc875237dd729c85389932a688)
+---
+ src/gp_debug.c | 34 ++++++++--------------------------
+ src/gp_debug.h |  3 +--
+ src/gssproxy.c |  2 +-
+ 3 files changed, 10 insertions(+), 29 deletions(-)
+
+diff --git a/src/gp_debug.c b/src/gp_debug.c
+index 4a141fc..a0f51f0 100644
+--- a/src/gp_debug.c
++++ b/src/gp_debug.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */
++/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */
+ 
+ #include "config.h"
+ #include <stdbool.h>
+@@ -7,35 +7,17 @@
+ #include "gp_log.h"
+ 
+ /* global debug switch */
+-int gp_debug;
+-
+-int gp_debug_args(int level) {
+-    static int args_level = 0;
+-
+-    if (level != 0) {
+-        args_level = level;
+-    }
+-    return args_level;
+-}
++int gp_debug = 0;
+ 
+ void gp_debug_toggle(int level)
+ {
+-    static bool krb5_trace_set = false;
++    if (level <= gp_debug)
++        return;
+ 
+-    /* Command line and environment options override config file */
+-    gp_debug = gp_debug_args(0);
+-    if (gp_debug == 0) {
+-        gp_debug = level;
+-    }
+-    if (level >= 3) {
+-        if (!getenv("KRB5_TRACE")) {
+-            setenv("KRB5_TRACE", "/dev/stderr", 1);
+-            krb5_trace_set = true;
+-        }
+-    } else if (krb5_trace_set) {
+-        unsetenv("KRB5_TRACE");
+-        krb5_trace_set = false;
+-    }
++    if (level >= 3 && !getenv("KRB5_TRACE"))
++        setenv("KRB5_TRACE", "/dev/stderr", 1);
++
++    gp_debug = level;
+     GPDEBUG("Debug Enabled (level: %d)\n", level);
+ }
+ 
+diff --git a/src/gp_debug.h b/src/gp_debug.h
+index 1c2f8a3..4932bfd 100644
+--- a/src/gp_debug.h
++++ b/src/gp_debug.h
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */
++/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */
+ 
+ #ifndef _GP_DEBUG_H_
+ #define _GP_DEBUG_H_
+@@ -10,7 +10,6 @@
+ 
+ extern int gp_debug;
+ 
+-int gp_debug_args(int level);
+ void gp_debug_toggle(int);
+ void gp_debug_printf(const char *format, ...);
+ void gp_debug_time_printf(const char *format, ...);
+diff --git a/src/gssproxy.c b/src/gssproxy.c
+index 6d36a5d..db6e89b 100644
+--- a/src/gssproxy.c
++++ b/src/gssproxy.c
+@@ -208,7 +208,7 @@ int main(int argc, const char *argv[])
+ 
+     if (opt_debug || opt_debug_level > 0) {
+         if (opt_debug_level == 0) opt_debug_level = 1;
+-        gp_debug_args(opt_debug_level);
++        gp_debug_toggle(opt_debug_level);
+     }
+ 
+     if (opt_daemon && opt_interactive) {

Always-use-the-encype-we-selected.patch

@@ -0,0 +1,43 @@
+From 64bf7f099fe52a214794486d16e3383ff25e8682 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 27 Feb 2018 11:59:25 -0500
+Subject: [PATCH] Always use the encype we selected
+
+The enctype is selected from the keytab or from the fallback code.
+Either way make sure to use the enctype stored in the key block.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+Reviewed-by: Robbie Harwood <rharwood@redhat.com>
+Merges: #226
+(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f)
+---
+ src/gp_export.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/gp_export.c b/src/gp_export.c
+index c9f5fd4..5e8e160 100644
+--- a/src/gp_export.c
++++ b/src/gp_export.c
+@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name,
+                                  GP_CREDS_HANDLE_KEY_ENCTYPE, 0,
+                                  &handle->key);
+         if (ret == 0) {
+-            ret = krb5_c_make_random_key(handle->context,
+-                                         GP_CREDS_HANDLE_KEY_ENCTYPE,
++            ret = krb5_c_make_random_key(handle->context, handle->key->enctype,
+                                          handle->key);
+             GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n",
+-                    svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE);
++                    svc_name, handle->key->enctype);
+         }
+         if (ret) {
+             ret_min = ret;
+@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
+ 
+     memset(&enc_handle, '\0', sizeof(krb5_enc_data));
+ 
+-    enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE;
++    enc_handle.enctype = key->enctype;
+     enc_handle.ciphertext.data = in->octet_string_val;
+     enc_handle.ciphertext.length = in->octet_string_len;
+ 

Clarify-debug-and-debug_level-in-man-pages.patch

@@ -0,0 +1,74 @@
+From d71d354f1020a7deac57f26cc7c2cafb3fa675a3 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 11 Apr 2018 16:01:21 -0400
+Subject: [PATCH] Clarify debug and debug_level in man pages
+
+In particular, add debug_level to gssproxy(5) since it was previously
+accepted but not documented.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+Reviewed-by: Simo Sorce <simo@redhat.com>
+Merges: #229
+(cherry picked from commit e0e96e46be03102903533a9816b4deefe1adfaf8)
+---
+ man/gssproxy.8.xml      | 24 +++++++++++++++++++++++-
+ man/gssproxy.conf.5.xml |  5 ++++-
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/man/gssproxy.8.xml b/man/gssproxy.8.xml
+index 1df4b0d..21f7e6a 100644
+--- a/man/gssproxy.8.xml
++++ b/man/gssproxy.8.xml
+@@ -118,13 +118,35 @@
+                     </para>
+                 </listitem>
+             </varlistentry>
++
+             <varlistentry>
+                 <term>
+                     <option>-d</option>,<option>--debug</option>
+                 </term>
+                 <listitem>
+                     <para>
+-                        Turn on debugging.
++                        Turn on debugging.  This option is identical to
++                        --debug-level=1.
++                    </para>
++                </listitem>
++            </varlistentry>
++
++            <varlistentry>
++                <term>
++                    <option>--debug-level=</option>
++                </term>
++                <listitem>
++                    <para>
++                        Turn on debugging at the specified level.  0
++                        corresponds to no logging, while 1 turns on basic
++                        debug logging.  Level 2 increases verbosity, including
++                        more detailed credential verification.
++                    </para>
++                    <para>
++                        At level 3 and above, KRB5_TRACE output is logged.  If
++                        KRB5_TRACE was already set in the execution
++                        environment, trace output is sent to its value
++                        instead.
+                     </para>
+                 </listitem>
+             </varlistentry>
+diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml
+index de846b4..21c9653 100644
+--- a/man/gssproxy.conf.5.xml
++++ b/man/gssproxy.conf.5.xml
+@@ -192,7 +192,10 @@
+                 <varlistentry>
+                     <term>debug (boolean)</term>
+                     <listitem>
+-                        <para>Enable debugging to syslog.</para>
++                        <para>
++                            Enable debugging to syslog.  Setting to true is
++                            identical to setting debug_level to 1.
++                        </para>
+                         <para>Default: debug = false</para>
+                     </listitem>
+                 </varlistentry>

Don-t-leak-sock_ctx-if-verto_add_io-fails.patch

@@ -0,0 +1,23 @@
+From 322a7e578cc1f3b54bfb317dd57442231a8f7cf7 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 2 Aug 2018 16:02:50 -0400
+Subject: [PATCH] Don't leak sock_ctx if verto_add_io() fails
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 459152be1e701af6aafdecffc1af21156b43bf78)
+---
+ src/gssproxy.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/gssproxy.c b/src/gssproxy.c
+index db6e89b..93c1c1e 100644
+--- a/src/gssproxy.c
++++ b/src/gssproxy.c
+@@ -46,6 +46,7 @@ static verto_ev *setup_socket(char *sock_name, verto_ctx *vctx)
+ 
+     ev = verto_add_io(vctx, vflags, accept_sock_conn, sock_ctx->fd);
+     if (!ev) {
++        free(sock_ctx);
+         return NULL;
+     }
+ 

gssproxy.spec

@@ -0,0 +1,91 @@
+%global servicename gssproxy
+%global pubconfpath %{_sysconfdir}/gssproxy
+%global gpstatedir %{_localstatedir}/lib/gssproxy
+
+Name:		gssproxy
+Version:	0.8.0
+Release:	8
+Summary:	GSSAPI Proxy
+License:	MIT
+URL:		https://pagure.io/gssproxy
+Source0:	%{name}-%{version}.tar.gz
+
+Patch0: Always-use-the-encype-we-selected.patch
+Patch1: Clarify-debug-and-debug_level-in-man-pages.patch
+Patch2: Always-choose-highest-requested-debug-level.patch
+Patch3: Don-t-leak-sock_ctx-if-verto_add_io-fails.patch
+
+Requires: krb5 keyutils libverto-module-base libini_config systemd
+
+Conflicts: selinux-policy < 3.13.1-283.5
+
+BuildRequires: autoconf automake libtool m4 libxslt libxml2 docbook-style-xsl doxygen findutils systemd-units git popt-devel
+BuildRequires: gettext-devel pkgconfig krb5-devel >= 1.12.0 libselinux-devel keyutils-libs-devel libini_config-devel >= 1.2.0 libverto-devel
+
+%description
+This is a proxy for GSSAPI which deals with credential handling
+
+%package        help
+Summary:        Help files for %{name}
+%description    help
+Help files for %{name}.
+
+%prep
+%autosetup -n  %{name}-%{version} -p1
+
+%build
+autoreconf -f -i
+%configure \
+    --with-pubconf-path=%{pubconfpath} \
+    --with-initscript=systemd \
+    --disable-static \
+    --disable-rpath \
+    --with-gpp-default-behavior=REMOTE_FIRST
+
+make %{?_smp_mflags} all
+make test_proxymech
+
+%install
+rm -rf %{buildroot}
+%make_install
+rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la
+install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy
+install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
+install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf
+install -D -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf
+mkdir -p %{buildroot}%{gpstatedir}/rcache
+
+%post
+%systemd_post gssproxy.service
+
+%preun
+%systemd_preun gssproxy.service
+
+%postun
+%systemd_postun_with_restart gssproxy.service
+
+%files
+%license COPYING
+%{_unitdir}/gssproxy.service
+%{_sbindir}/gssproxy
+%attr(755,root,root) %dir %{pubconfpath}
+%attr(755,root,root) %dir %{gpstatedir}
+%attr(700,root,root) %dir %{gpstatedir}/clients
+%attr(700,root,root) %dir %{gpstatedir}/rcache
+%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf
+%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf
+%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf
+%dir %{_libdir}/gssproxy
+%{_libdir}/gssproxy/proxymech.so
+
+%files help
+%{_mandir}/man5/gssproxy.conf.5*
+%{_mandir}/man8/gssproxy.8*
+%{_mandir}/man8/gssproxy-mech.8*
+
+%changelog
+* Fri Sep 27 2018 openEuler Buildteam <buildteam@openeuler.org> 0.8.0-8
+- Package init
+
+* Mon Sep 10 2018 openEuler Buildteam <buildteam@openeuler.org> 0.8.0-7
+- Package init