Bug#567708: openssh: FTPFS with heimdal < 1.3.0
On Sat, Jan 30, 2010 at 09:37:07PM +0100, Peter Marschall wrote:
> Hi,
>
> when trying to build openssh with heimdal < 13.0 it fails
> because heimdal misses the krb5_free_unparsed_name() function,
> that gets called by OpenSSH since version 5.2p1.
>
> According to https://roundup.it.su.se/jira/browse/HEIMDAL-626
> one possible solution is to simply call krb5_xfree() instead,
> as I did in the attchaed patch, that I have in use since 5.2p1
> came out (sorry I was lazy in reporting it).
>
> Perhaps te better alternative is to depend on heimdal >= 1.3.0,
> as I do not know whether the aptch works for all architectures.
[...]
> #! /bin/sh /usr/share/dpatch/dpatch-run
> ## openssh-5.3p1-heimdal.patch
> ## DP: avoid krb5_free_unparsed_name() with heimdal
> ## DP: in favour of krb5_xfree()
> # From: Peter Marschall <peter@adpm.de>
> # Subject: avoid krb5_free_unparsed_name() with heimdal
> # Description: as heimdal < 1.3.0 does not provide krb5_free_unparsed_name(),
> # use krb5_xfree() instead.
> # According to heimdal upstream the difference only matters "on windows or
> # platforms that have diffrent memory pools for different libraries" only.
> # more info on: https://roundup.it.su.se/jira/browse/HEIMDAL-626
>
>
> --- openssh-5.3p1/gss-serv-krb5.c
> +++ openssh-5.3p1/gss-serv-krb5.c 2010-01-06 13:02:03.000000000 +0100
> @@ -228,10 +228,20 @@
> debug("Name in local credentials cache differs. Not storing");
> krb5_free_principal(krb_context, principal);
> krb5_cc_close(krb_context, ccache);
> +/* kludge to make it work with heimdal < 1.3.0 */
> +#if HEIMDAL
> + krb5_xfree(name);
> +#else
> krb5_free_unparsed_name(krb_context, name);
> +#endif
> return 0;
> }
> +/* kludge to make it work with heimdal < 1.3.0 */
> +#if HEIMDAL
> + krb5_xfree(name);
> +#else
> krb5_free_unparsed_name(krb_context, name);
> +#endif
>
> /* Name matches, so lets get on with it! */
>
As far as the Debian package goes, I'd be OK with applying something
like this to make it cope with Heimdal. However, I would prefer a
slightly neater patch if possible, in two ways:
* Is there a way to detect Heimdal's version at compile-time, so that
we can use krb5_free_unparsed_name if it's available? Or is that
bad because it's marked deprecated? (Incidentally I don't
understand how the description of when the difference matters
matches up with it being deprecated, but maybe I just don't
understand Heimdal well enough.)
* Can we use something more like this as the inside of the
conditional:
#define krb5_free_unparsed_name(krb_context, name) krb5_xfree(name)
... so that the compatibility kludge is confined to the top of the
file rather than being in the middle of the logic?
CCing Simon Wilkinson (upstream for the GSSAPI patch).
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: