packages: openssh/openssh-heimdal.patch, openssh/openssh.spec - final, work...

Tue, 19 Apr 2011 15:45:39 -0700 

Author: baggins                      Date: Tue Apr 19 22:45:25 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- final, working solution to hardcoded kerberos credential cache,
  now sshd honours default_cc_type and default_cc_name settings in krb5.conf

---- Files affected:
packages/openssh:
   openssh-heimdal.patch (1.15 -> 1.16) , openssh.spec (1.357 -> 1.358) 

---- Diffs:

================================================================
Index: packages/openssh/openssh-heimdal.patch
diff -u packages/openssh/openssh-heimdal.patch:1.15 
packages/openssh/openssh-heimdal.patch:1.16
--- packages/openssh/openssh-heimdal.patch:1.15 Tue Apr 19 22:37:18 2011
+++ packages/openssh/openssh-heimdal.patch      Wed Apr 20 00:45:20 2011
@@ -17,8 +17,58 @@
                                       ]
                        )
                        AC_SEARCH_LIBS(dn_expand, resolv)
---- openssh-5.8p1/gss-serv-krb5.c~     2011-04-19 14:09:54.832721425 +0200
-+++ openssh-5.8p1/gss-serv-krb5.c      2011-04-19 21:54:01.818248221 +0200
+diff -ur openssh-5.8p1-orig/auth-krb5.c openssh-5.8p1/auth-krb5.c
+--- openssh-5.8p1-orig/auth-krb5.c     2011-04-20 00:30:23.632652510 +0200
++++ openssh-5.8p1/auth-krb5.c  2011-04-20 00:34:06.218117429 +0200
+@@ -88,6 +88,8 @@
+ #ifndef HEIMDAL
+       krb5_creds creds;
+       krb5_principal server;
++#else
++      const char *ccache_type, *ccache_name;
+ #endif
+       krb5_error_code problem;
+       krb5_ccache ccache = NULL;
+@@ -129,7 +131,11 @@
+       if (problem)
+               goto out;
+ 
+-      problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
++      problem = krb5_cc_set_default_name(authctxt->krb5_ctx, NULL);
++      if (problem)
++              goto out;
++      problem = krb5_cc_new_unique(authctxt->krb5_ctx,
++          krb5_cc_default_name(authctxt->krb5_ctx), NULL,
+           &authctxt->krb5_fwd_ccache);
+       if (problem)
+               goto out;
+@@ -180,12 +186,23 @@
+               goto out;
+ #endif
+ 
++#ifdef HEIMDAL
++      ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, 
authctxt->krb5_fwd_ccache);
++      ccache_name = krb5_cc_get_name(authctxt->krb5_ctx, 
authctxt->krb5_fwd_ccache);
++      if (strncmp(ccache_type, "FILE", 4) == 0) {
++              authctxt->krb5_ticket_file = (char *)ccache_name;
++      }
++      len = strlen(ccache_type) + strlen(ccache_name) + 2;
++      authctxt->krb5_ccname = xmalloc(len);
++      snprintf(authctxt->krb5_ccname, len, "%s:%s", ccache_type, ccache_name);
++#else
+       authctxt->krb5_ticket_file = (char 
*)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
+ 
+       len = strlen(authctxt->krb5_ticket_file) + 6;
+       authctxt->krb5_ccname = xmalloc(len);
+       snprintf(authctxt->krb5_ccname, len, "FILE:%s",
+           authctxt->krb5_ticket_file);
++#endif
+ 
+ #ifdef USE_PAM
+       if (options.use_pam)
+diff -ur openssh-5.8p1-orig/gss-serv-krb5.c openssh-5.8p1/gss-serv-krb5.c
+--- openssh-5.8p1-orig/gss-serv-krb5.c 2011-04-20 00:30:23.632652510 +0200
++++ openssh-5.8p1/gss-serv-krb5.c      2011-04-20 00:34:06.218117429 +0200
 @@ -121,6 +121,9 @@
        krb5_principal princ;
        OM_uint32 maj_status, min_status;
@@ -29,18 +79,24 @@
  
        if (client->creds == NULL) {
                debug("No credentials stored");
-@@ -131,8 +132,8 @@
+@@ -131,8 +134,14 @@
                return;
  
  #ifdef HEIMDAL
 -      if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
 -              logit("krb5_cc_gen_new(): %.100s",
-+      if ((problem = krb5_cc_new_unique(krb_context, NULL, NULL, &ccache))) {
++      if ((problem = krb5_cc_set_default_name(krb_context, NULL))) {
++              logit("krb5_cc_set_default_name(): %.100s",
++                  krb5_get_err_text(krb_context, problem));
++              return;
++      }
++      if ((problem = krb5_cc_new_unique(krb_context,
++                      krb5_cc_default_name(krb_context), NULL, &ccache))) {
 +              logit("krb5_cc_new_unique(): %.100s",
                    krb5_get_err_text(krb_context, problem));
                return;
        }
-@@ -169,11 +170,23 @@
+@@ -169,11 +178,23 @@
                return;
        }
  
@@ -60,50 +116,6 @@
        len = strlen(client->store.filename) + 6;
        client->store.envval = xmalloc(len);
        snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
-+#endif
- 
- #ifdef USE_PAM
-       if (options.use_pam)
---- openssh-5.8p1/auth-krb5.c.orig     2009-12-21 00:49:22.000000000 +0100
-+++ openssh-5.8p1/auth-krb5.c  2011-04-19 22:16:14.622268002 +0200
-@@ -74,6 +88,8 @@
- #ifndef HEIMDAL
-       krb5_creds creds;
-       krb5_principal server;
-+#else
-+      const char *ccache_type, *ccache_name;
- #endif
-       krb5_error_code problem;
-       krb5_ccache ccache = NULL;
-@@ -115,7 +130,7 @@
-       if (problem)
-               goto out;
- 
--      problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
-+      problem = krb5_cc_new_unique(authctxt->krb5_ctx, NULL, NULL,
-           &authctxt->krb5_fwd_ccache);
-       if (problem)
-               goto out;
-@@ -166,12 +181,23 @@
-               goto out;
- #endif
- 
-+#ifdef HEIMDAL
-+      ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, 
authctxt->krb5_fwd_ccache);
-+      ccache_name = krb5_cc_get_name(authctxt->krb5_ctx, 
authctxt->krb5_fwd_ccache);
-+      if (strncmp(ccache_type, "FILE", 4) == 0) {
-+              authctxt->krb5_ticket_file = (char *)ccache_name;
-+      }
-+      len = strlen(ccache_type) + strlen(ccache_name) + 2;
-+      authctxt->krb5_ccname = xmalloc(len);
-+      snprintf(authctxt->krb5_ccname, len, "%s:%s", ccache_type, ccache_name);
-+#else
-       authctxt->krb5_ticket_file = (char 
*)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
- 
-       len = strlen(authctxt->krb5_ticket_file) + 6;
-       authctxt->krb5_ccname = xmalloc(len);
-       snprintf(authctxt->krb5_ccname, len, "FILE:%s",
-           authctxt->krb5_ticket_file);
 +#endif
  
  #ifdef USE_PAM

================================================================
Index: packages/openssh/openssh.spec
diff -u packages/openssh/openssh.spec:1.357 packages/openssh/openssh.spec:1.358
--- packages/openssh/openssh.spec:1.357 Tue Apr 19 22:19:14 2011
+++ packages/openssh/openssh.spec       Wed Apr 20 00:45:20 2011
@@ -30,7 +30,7 @@
 Summary(uk.UTF-8):     OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:          openssh
 Version:       5.8p1
-Release:       4.1
+Release:       5
 Epoch:         2
 License:       BSD
 Group:         Applications/Networking
@@ -764,6 +764,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.358  2011/04/19 22:45:20  baggins
+- final, working solution to hardcoded kerberos credential cache,
+  now sshd honours default_cc_type and default_cc_name settings in krb5.conf
+
 Revision 1.357  2011/04/19 20:19:14  baggins
 - don't hardcode credential cache type and name for heimdal (breaks KCM)
 
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh-heimdal.patch?r1=1.15&r2=1.16&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh.spec?r1=1.357&r2=1.358&f=u

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to