openssh-heimdal.patch

   1 --- openssh-5.9p1/configure.ac~ 2011-08-18 06:48:24.000000000 +0200
   2 +++ openssh-5.9p1/configure.ac  2011-09-06 19:00:46.856319713 +0200
   3 @@ -3424,13 +3424,13 @@
   4                                         [ AC_MSG_RESULT([yes])
   5                                          AC_DEFINE([HEIMDAL])
   6                                          K5LIBS="-lkrb5"
   7 -                                        K5LIBS="$K5LIBS -lcom_err -lasn1"
   8 +                                        K5LIBS="$K5LIBS -lasn1"
   9                                          AC_CHECK_LIB([roken], [net_write],
  10                                            [K5LIBS="$K5LIBS -lroken"])
  11                                          AC_CHECK_LIB([des], [des_cbc_encrypt],
  12                                            [K5LIBS="$K5LIBS -ldes"])
  13                                        ], [ AC_MSG_RESULT([no])
  14 -                                        K5LIBS="-lkrb5 -lk5crypto -lcom_err"
  15 +                                        K5LIBS="-lkrb5 -lk5crypto"
  16
  17                         ])
  18                         AC_SEARCH_LIBS([dn_expand], [resolv])
  19 diff -ur openssh-5.8p1-orig/auth-krb5.c openssh-5.8p1/auth-krb5.c
  20 --- openssh-5.8p1-orig/auth-krb5.c      2011-04-20 00:30:23.632652510 +0200
  21 +++ openssh-5.8p1/auth-krb5.c   2011-04-20 00:34:06.218117429 +0200
  22 @@ -88,6 +88,8 @@
  23  #ifndef HEIMDAL
  24         krb5_creds creds;
  25         krb5_principal server;
  26 +#else
  27 +       const char *ccache_type, *ccache_name;
  28  #endif
  29         krb5_error_code problem;
  30         krb5_ccache ccache = NULL;
  31 @@ -129,7 +131,11 @@
  32         if (problem)
  33                 goto out;
  34
  35 -       problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
  36 +       problem = krb5_cc_set_default_name(authctxt->krb5_ctx, NULL);
  37 +       if (problem)
  38 +               goto out;
  39 +       problem = krb5_cc_new_unique(authctxt->krb5_ctx,
  40 +           krb5_cc_default_name(authctxt->krb5_ctx), NULL,
  41             &authctxt->krb5_fwd_ccache);
  42         if (problem)
  43                 goto out;
  44 @@ -180,12 +186,23 @@
  45                 goto out;
  46  #endif
  47
  48 +#ifdef HEIMDAL
  49 +       ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
  50 +       ccache_name = krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
  51 +       if (strncmp(ccache_type, "FILE", 4) == 0) {
  52 +               authctxt->krb5_ticket_file = (char *)ccache_name;
  53 +       }
  54 +       len = strlen(ccache_type) + strlen(ccache_name) + 2;
  55 +       authctxt->krb5_ccname = xmalloc(len);
  56 +       snprintf(authctxt->krb5_ccname, len, "%s:%s", ccache_type, ccache_name);
  57 +#else
  58         authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
  59
  60         len = strlen(authctxt->krb5_ticket_file) + 6;
  61         authctxt->krb5_ccname = xmalloc(len);
  62         snprintf(authctxt->krb5_ccname, len, "FILE:%s",
  63             authctxt->krb5_ticket_file);
  64 +#endif
  65
  66  #ifdef USE_PAM
  67         if (options.use_pam)
  68 diff -ur openssh-5.8p1-orig/gss-serv-krb5.c openssh-5.8p1/gss-serv-krb5.c
  69 --- openssh-5.8p1-orig/gss-serv-krb5.c  2011-04-20 00:30:23.632652510 +0200
  70 +++ openssh-5.8p1/gss-serv-krb5.c       2011-04-20 00:34:06.218117429 +0200
  71 @@ -121,6 +121,9 @@
  72         krb5_principal princ;
  73         OM_uint32 maj_status, min_status;
  74         int len;
  75 +#ifdef HEIMDAL
  76 +       const char *ccache_type, *ccache_name;
  77 +#endif
  78
  79         if (client->creds == NULL) {
  80                 debug("No credentials stored");
  81 @@ -131,8 +134,14 @@
  82                 return;
  83
  84  #ifdef HEIMDAL
  85 -       if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
  86 -               logit("krb5_cc_gen_new(): %.100s",
  87 +       if ((problem = krb5_cc_set_default_name(krb_context, NULL))) {
  88 +               logit("krb5_cc_set_default_name(): %.100s",
  89 +                   krb5_get_err_text(krb_context, problem));
  90 +               return;
  91 +       }
  92 +       if ((problem = krb5_cc_new_unique(krb_context,
  93 +                       krb5_cc_default_name(krb_context), NULL, &ccache))) {
  94 +               logit("krb5_cc_new_unique(): %.100s",
  95                     krb5_get_err_text(krb_context, problem));
  96                 return;
  97         }
  98 @@ -169,11 +178,23 @@
  99                 return;
 100         }
 101
 102 +#ifdef HEIMDAL
 103 +       ccache_type = krb5_cc_get_type(krb_context, ccache);
 104 +       ccache_name = krb5_cc_get_name(krb_context, ccache);
 105 +       if (strncmp(ccache_type, "FILE", 4) == 0) {
 106 +               client->store.filename = xstrdup(ccache_name);
 107 +       }
 108 +       client->store.envvar = "KRB5CCNAME";
 109 +       len = strlen(ccache_type) + strlen(ccache_name) + 2;
 110 +       client->store.envval = xmalloc(len);
 111 +       snprintf(client->store.envval, len, "%s:%s", ccache_type, ccache_name);
 112 +#else
 113         client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
 114         client->store.envvar = "KRB5CCNAME";
 115         len = strlen(client->store.filename) + 6;
 116         client->store.envval = xmalloc(len);
 117         snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
 118 +#endif
 119
 120  #ifdef USE_PAM
 121         if (options.use_pam)