--- a/components/krb5/patches/024-smb-compat.patch Fri May 13 18:08:27 2016 -0700
+++ b/components/krb5/patches/024-smb-compat.patch Sat May 14 15:38:32 2016 -0700
@@ -4,6 +4,7 @@
# stress testing. The CRs in order:
#
# 15580724 SUNBT6868908 Solaris acceptors should have returned KRB5KRB_AP_...
+# 15648322 SUNBT6959251 coredump in gss_release_name+0x36
# 20416772 spnego_gss_accept_sec_context issue with incorrect KRB OID
# 16005842 Should retry SMB authentication upgrade to account for network...
# 15579598 SUNBT6867208 Windows client cannot recover from KRB5KRB_AP_ERR_SKEW..
@@ -67,15 +68,13 @@
code -= ERROR_TABLE_BASE_krb5;
if (code < 0 || code > KRB_ERR_MAX)
code = 60 /* KRB_ERR_GENERIC */;
-
-diff -pur new/src/lib/gssapi/spnego/spnego_mech.c patched/src/lib/gssapi/spnego/spnego_mech.c
---- new/src/lib/gssapi/spnego/spnego_mech.c 2016-02-29 11:50:13.000000000 -0800
-+++ patched/src/lib/gssapi/spnego/spnego_mech.c 2016-03-18 21:55:31.131280297 -0700
-@@ -191,7 +190,14 @@ static const gss_OID_set_desc spnego_oid
+diff -ur krb5-1.13.3.023-mem-rcache.patch/src/lib/gssapi/spnego/spnego_mech.c krb5-1.13.3/src/lib/gssapi/spnego/spnego_mech.c
+--- krb5-1.13.3.023-mem-rcache.patch/src/lib/gssapi/spnego/spnego_mech.c
++++ krb5-1.13.3/src/lib/gssapi/spnego/spnego_mech.c
+@@ -190,6 +190,13 @@
};
const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
- static int make_NegHints(OM_uint32 *, gss_buffer_t *);
+/* encoded OID octet string for NTLMSSP security mechanism */
+#define GSS_MECH_NTLMSSP_OID_LENGTH 10
+#define GSS_MECH_NTLMSSP_OID "\053\006\001\004\001\202\067\002\002\012"
@@ -83,10 +82,19 @@
+ GSS_MECH_NTLMSSP_OID_LENGTH, GSS_MECH_NTLMSSP_OID
+};
+
+ static int make_NegHints(OM_uint32 *, spnego_gss_cred_id_t, gss_buffer_t *);
static int put_neg_hints(unsigned char **, gss_buffer_t, unsigned int);
static OM_uint32
- acc_ctx_hints(OM_uint32 *, gss_ctx_id_t *, spnego_gss_cred_id_t,
-@@ -1325,6 +1387,7 @@ acc_ctx_new(OM_uint32 *minor_status,
+@@ -1237,7 +1244,7 @@
+ &hintNameBuf,
+ &hintNameType);
+ if (major_status != GSS_S_COMPLETE) {
+- gss_release_name(&minor, &hintName);
++ gss_release_name(&minor, &hintKerberosName);
+ return (major_status);
+ }
+ gss_release_name(&minor, &hintKerberosName);
+@@ -1380,6 +1387,7 @@
gss_buffer_desc der_mechTypes;
gss_OID mech_wanted;
spnego_gss_ctx_id_t sc = NULL;
@@ -94,7 +102,7 @@
ret = GSS_S_DEFECTIVE_TOKEN;
der_mechTypes.length = 0;
-@@ -1348,6 +1411,24 @@ acc_ctx_new(OM_uint32 *minor_status,
+@@ -1403,6 +1411,24 @@
goto cleanup;
}
/*
@@ -119,15 +127,15 @@
* Select the best match between the list of mechs
* that the initiator requested and the list that
* the acceptor will support.
-@@ -3072,6 +3163,7 @@ static OM_uint32
+@@ -3136,6 +3162,7 @@
+ int found = 0;
+ OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
gss_OID_set mechs, goodmechs;
- gss_OID_set_desc except_attrs;
- gss_OID_desc attr_oids[2];
+ char *msinterop = getenv("MS_INTEROP");
- attr_oids[0] = *GSS_C_MA_DEPRECATED;
- attr_oids[1] = *GSS_C_MA_NOT_DFLT_MECH;
-@@ -3108,6 +3177,15 @@ get_available_mechs(OM_uint32 *minor_sta
+ major_status = gss_indicate_mechs(minor_status, &mechs);
+
+@@ -3150,6 +3177,15 @@
return (major_status);
}
@@ -143,7 +151,7 @@
for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) {
if ((mechs->elements[i].length
!= spnego_mechanism.mech_type.length) ||
-@@ -3123,6 +3201,25 @@ get_available_mechs(OM_uint32 *minor_sta
+@@ -3165,6 +3201,25 @@
}
}
@@ -169,7 +177,7 @@
/*
* If the caller wanted a list of creds returned,
* trim the list of mechanisms down to only those
-@@ -3698,9 +3795,17 @@ negotiate_mech(gss_OID_set supported, gs
+@@ -3740,9 +3795,17 @@
for (i = 0; i < received->count; i++) {
gss_OID mech_oid = &received->elements[i];