Bug#567708: openssh: FTPFS with heimdal < 1.3.0

To: Peter Marschall <peter@adpm.de>, 567708@bugs.debian.org
Cc: Simon Wilkinson <simon@sxw.org.uk>
Subject: Bug#567708: openssh: FTPFS with heimdal < 1.3.0
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 30 Jan 2010 23:12:54 +0000
Message-id: <20100130231254.GD4484@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 567708@bugs.debian.org
In-reply-to: <20100130203707.23400.91408.reportbug@moth.adpm.de>
References: <20100130203707.23400.91408.reportbug@moth.adpm.de>

On Sat, Jan 30, 2010 at 09:37:07PM +0100, Peter Marschall wrote:
> Hi,
> 
> when trying to build openssh with heimdal < 13.0 it fails
> because heimdal misses the krb5_free_unparsed_name() function,
> that gets called by OpenSSH since version 5.2p1.
> 
> According to https://roundup.it.su.se/jira/browse/HEIMDAL-626
> one possible solution is to simply call krb5_xfree() instead,
> as I did in the attchaed patch, that I have in use since 5.2p1
> came out (sorry I was lazy in reporting it).
> 
> Perhaps te better alternative is to depend on heimdal >= 1.3.0,
> as I do not know whether the aptch works for all architectures.
[...]
> #! /bin/sh /usr/share/dpatch/dpatch-run
> ## openssh-5.3p1-heimdal.patch
> ## DP: avoid krb5_free_unparsed_name() with heimdal
> ## DP: in favour of krb5_xfree()
> # From: Peter Marschall <peter@adpm.de>
> # Subject: avoid krb5_free_unparsed_name() with heimdal
> # Description: as heimdal < 1.3.0 does not provide krb5_free_unparsed_name(),
> #  use krb5_xfree() instead.
> #  According to heimdal upstream the difference only matters "on windows or
> #  platforms that have diffrent memory pools for different libraries" only.
> #  more info on: https://roundup.it.su.se/jira/browse/HEIMDAL-626
> 
> 
> --- openssh-5.3p1/gss-serv-krb5.c
> +++ openssh-5.3p1/gss-serv-krb5.c	2010-01-06 13:02:03.000000000 +0100
> @@ -228,10 +228,20 @@
>  		debug("Name in local credentials cache differs. Not storing");
>  		krb5_free_principal(krb_context, principal);
>  		krb5_cc_close(krb_context, ccache);
> +/* kludge to make it work with heimdal < 1.3.0 */
> +#if HEIMDAL
> +		krb5_xfree(name);
> +#else
>  		krb5_free_unparsed_name(krb_context, name);
> +#endif
>  		return 0;
>  	}
> +/* kludge to make it work with heimdal < 1.3.0 */
> +#if HEIMDAL
> +	krb5_xfree(name);
> +#else
>  	krb5_free_unparsed_name(krb_context, name);
> +#endif
>  
>  	/* Name matches, so lets get on with it! */
>  

As far as the Debian package goes, I'd be OK with applying something
like this to make it cope with Heimdal.  However, I would prefer a
slightly neater patch if possible, in two ways:

  * Is there a way to detect Heimdal's version at compile-time, so that
    we can use krb5_free_unparsed_name if it's available?  Or is that
    bad because it's marked deprecated?  (Incidentally I don't
    understand how the description of when the difference matters
    matches up with it being deprecated, but maybe I just don't
    understand Heimdal well enough.)

  * Can we use something more like this as the inside of the
    conditional:

    #define krb5_free_unparsed_name(krb_context, name) krb5_xfree(name)

    ... so that the compatibility kludge is confined to the top of the
    file rather than being in the middle of the logic?

CCing Simon Wilkinson (upstream for the GSSAPI patch).

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#567708: openssh: FTPFS with heimdal < 1.3.0
  - From: Simon Wilkinson <simon@sxw.org.uk>
- Bug#567708: openssh: FTPFS with heimdal < 1.3.0
  - From: Russ Allbery <rra@debian.org>

References:
- Bug#567708: openssh: FTPFS with heimdal < 1.3.0
  - From: Peter Marschall <peter@adpm.de>

Prev by Date: Bug#567708: openssh: FTPFS with heimdal < 1.3.0
Next by Date: Processed: forwarded
Previous by thread: Bug#567708: openssh: FTPFS with heimdal < 1.3.0
Next by thread: Bug#567708: openssh: FTPFS with heimdal < 1.3.0
Index(es):
- Date
- Thread