Bug#567708: openssh: FTPFS with heimdal < 1.3.0

Colin Watson
Sat, 30 Jan 2010 15:16:33 -0800

On Sat, Jan 30, 2010 at 09:37:07PM +0100, Peter Marschall wrote:
> Hi,
> 
> when trying to build openssh with heimdal < 13.0 it fails
> because heimdal misses the krb5_free_unparsed_name() function,
> that gets called by OpenSSH since version 5.2p1.
> 
> According to https://roundup.it.su.se/jira/browse/HEIMDAL-626
> one possible solution is to simply call krb5_xfree() instead,
> as I did in the attchaed patch, that I have in use since 5.2p1
> came out (sorry I was lazy in reporting it).
> 
> Perhaps te better alternative is to depend on heimdal >= 1.3.0,
> as I do not know whether the aptch works for all architectures.
[...]
> #! /bin/sh /usr/share/dpatch/dpatch-run
> ## openssh-5.3p1-heimdal.patch
> ## DP: avoid krb5_free_unparsed_name() with heimdal
> ## DP: in favour of krb5_xfree()
> # From: Peter Marschall <pe...@adpm.de>
> # Subject: avoid krb5_free_unparsed_name() with heimdal
> # Description: as heimdal < 1.3.0 does not provide krb5_free_unparsed_name(),
> #  use krb5_xfree() instead.
> #  According to heimdal upstream the difference only matters "on windows or
> #  platforms that have diffrent memory pools for different libraries" only.
> #  more info on: https://roundup.it.su.se/jira/browse/HEIMDAL-626
> 
> 
> --- openssh-5.3p1/gss-serv-krb5.c
> +++ openssh-5.3p1/gss-serv-krb5.c     2010-01-06 13:02:03.000000000 +0100
> @@ -228,10 +228,20 @@
>               debug("Name in local credentials cache differs. Not storing");
>               krb5_free_principal(krb_context, principal);
>               krb5_cc_close(krb_context, ccache);
> +/* kludge to make it work with heimdal < 1.3.0 */
> +#if HEIMDAL
> +             krb5_xfree(name);
> +#else
>               krb5_free_unparsed_name(krb_context, name);
> +#endif
>               return 0;
>       }
> +/* kludge to make it work with heimdal < 1.3.0 */
> +#if HEIMDAL
> +     krb5_xfree(name);
> +#else
>       krb5_free_unparsed_name(krb_context, name);
> +#endif
>  
>       /* Name matches, so lets get on with it! */
>


As far as the Debian package goes, I'd be OK with applying something
like this to make it cope with Heimdal.  However, I would prefer a
slightly neater patch if possible, in two ways:

  * Is there a way to detect Heimdal's version at compile-time, so that
    we can use krb5_free_unparsed_name if it's available?  Or is that
    bad because it's marked deprecated?  (Incidentally I don't
    understand how the description of when the difference matters
    matches up with it being deprecated, but maybe I just don't
    understand Heimdal well enough.)

  * Can we use something more like this as the inside of the
    conditional:

    #define krb5_free_unparsed_name(krb_context, name) krb5_xfree(name)

    ... so that the compatibility kludge is confined to the top of the
    file rather than being in the middle of the logic?

CCing Simon Wilkinson (upstream for the GSSAPI patch).

Thanks,

-- 
Colin Watson                                       [cjwat...@debian.org]



-- 
To UNSUBSCRIBE, email to debian-ssh-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to