diff options
author | Darren Tucker <dtucker@zip.com.au> | 2003-08-26 11:58:16 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2003-08-26 11:58:16 +1000 |
commit | 49aaf4ad522c6b599ec13f75f8a6b7eab6942143 (patch) | |
tree | ccf3984a52b32d59e3900ae8518a796df2860b58 | |
parent | 0efd155c3c184f0eaa2e1eb244eaaf066e6906e0 (diff) |
- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | Makefile.in | 5 | ||||
-rw-r--r-- | acconfig.h | 5 | ||||
-rw-r--r-- | auth-krb5.c | 3 | ||||
-rw-r--r-- | auth-pam.c | 25 | ||||
-rw-r--r-- | auth-pam.h | 3 | ||||
-rw-r--r-- | configure.ac | 28 | ||||
-rw-r--r-- | defines.h | 6 | ||||
-rw-r--r-- | gss-serv-krb5.c | 37 | ||||
-rw-r--r-- | session.c | 24 | ||||
-rw-r--r-- | ssh-gss.h | 12 | ||||
-rw-r--r-- | sshconnect1.c | 3 | ||||
-rw-r--r-- | sshconnect2.c | 3 |
13 files changed, 130 insertions, 29 deletions
@@ -10,6 +10,9 @@ | |||
10 | ssh_config.5 sshconnect2.c sshd_config sshd_config.5] | 10 | ssh_config.5 sshconnect2.c sshd_config sshd_config.5] |
11 | support GSS API user authentication; patches from Simon Wilkinson, | 11 | support GSS API user authentication; patches from Simon Wilkinson, |
12 | stripped down and tested by Jakob and myself. | 12 | stripped down and tested by Jakob and myself. |
13 | - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h | ||
14 | configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c | ||
15 | sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson. | ||
13 | 16 | ||
14 | 20030825 | 17 | 20030825 |
15 | - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from | 18 | - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from |
@@ -882,4 +885,4 @@ | |||
882 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 885 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
883 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 886 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
884 | 887 | ||
885 | $Id: ChangeLog,v 1.2907 2003/08/26 01:49:55 dtucker Exp $ | 888 | $Id: ChangeLog,v 1.2908 2003/08/26 01:58:16 dtucker Exp $ |
diff --git a/Makefile.in b/Makefile.in index cffefece6..eba34f341 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.240 2003/08/02 13:51:38 dtucker Exp $ | 1 | # $Id: Makefile.in,v 1.241 2003/08/26 01:58:16 dtucker Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -68,7 +68,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ | |||
68 | key.o dispatch.o kex.o mac.o uuencode.o misc.o \ | 68 | key.o dispatch.o kex.o mac.o uuencode.o misc.o \ |
69 | rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ | 69 | rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ |
70 | kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ | 70 | kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ |
71 | entropy.o scard-opensc.o | 71 | entropy.o scard-opensc.o gss-genr.o |
72 | 72 | ||
73 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | 73 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
74 | sshconnect.o sshconnect1.o sshconnect2.o | 74 | sshconnect.o sshconnect1.o sshconnect2.o |
@@ -82,6 +82,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | |||
82 | monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ | 82 | monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ |
83 | kexdhs.o kexgexs.o \ | 83 | kexdhs.o kexgexs.o \ |
84 | auth-krb5.o auth2-krb5.o \ | 84 | auth-krb5.o auth2-krb5.o \ |
85 | auth2-gss.o gss-serv.o gss-serv-krb5.o \ | ||
85 | loginrec.o auth-pam.o auth-sia.o md5crypt.o | 86 | loginrec.o auth-pam.o auth-sia.o md5crypt.o |
86 | 87 | ||
87 | MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out | 88 | MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out |
diff --git a/acconfig.h b/acconfig.h index 0e04c65b2..c83a45619 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: acconfig.h,v 1.161 2003/08/25 01:51:19 dtucker Exp $ */ | 1 | /* $Id: acconfig.h,v 1.162 2003/08/26 01:58:16 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999-2003 Damien Miller. All rights reserved. | 4 | * Copyright (c) 1999-2003 Damien Miller. All rights reserved. |
@@ -232,6 +232,9 @@ | |||
232 | /* Define if compiler implements __func__ */ | 232 | /* Define if compiler implements __func__ */ |
233 | #undef HAVE___func__ | 233 | #undef HAVE___func__ |
234 | 234 | ||
235 | /* Define this is you want GSSAPI support in the version 2 protocol */ | ||
236 | #undef GSSAPI | ||
237 | |||
235 | /* Define if you want Kerberos 5 support */ | 238 | /* Define if you want Kerberos 5 support */ |
236 | #undef KRB5 | 239 | #undef KRB5 |
237 | 240 | ||
diff --git a/auth-krb5.c b/auth-krb5.c index b04c6649b..b9eeb5ba6 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -42,9 +42,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.11 2003/07/16 15:02:06 markus Exp $"); | |||
42 | #ifdef KRB5 | 42 | #ifdef KRB5 |
43 | 43 | ||
44 | #include <krb5.h> | 44 | #include <krb5.h> |
45 | #ifndef HEIMDAL | ||
46 | #define krb5_get_err_text(context,code) error_message(code) | ||
47 | #endif /* !HEIMDAL */ | ||
48 | 45 | ||
49 | extern ServerOptions options; | 46 | extern ServerOptions options; |
50 | 47 | ||
diff --git a/auth-pam.c b/auth-pam.c index c0b6ded12..08b88f0dd 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -31,7 +31,7 @@ | |||
31 | 31 | ||
32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
33 | #include "includes.h" | 33 | #include "includes.h" |
34 | RCSID("$Id: auth-pam.c,v 1.67 2003/08/25 03:08:49 djm Exp $"); | 34 | RCSID("$Id: auth-pam.c,v 1.68 2003/08/26 01:58:16 dtucker Exp $"); |
35 | 35 | ||
36 | #ifdef USE_PAM | 36 | #ifdef USE_PAM |
37 | #include <security/pam_appl.h> | 37 | #include <security/pam_appl.h> |
@@ -650,6 +650,29 @@ do_pam_chauthtok(void) | |||
650 | pam_strerror(sshpam_handle, sshpam_err)); | 650 | pam_strerror(sshpam_handle, sshpam_err)); |
651 | } | 651 | } |
652 | 652 | ||
653 | /* | ||
654 | * Set a PAM environment string. We need to do this so that the session | ||
655 | * modules can handle things like Kerberos/GSI credentials that appear | ||
656 | * during the ssh authentication process. | ||
657 | */ | ||
658 | |||
659 | int | ||
660 | do_pam_putenv(char *name, char *value) | ||
661 | { | ||
662 | char *compound; | ||
663 | int ret = 1; | ||
664 | |||
665 | #ifdef HAVE_PAM_PUTENV | ||
666 | compound = xmalloc(strlen(name)+strlen(value)+2); | ||
667 | if (compound) { | ||
668 | sprintf(compound,"%s=%s",name,value); | ||
669 | ret = pam_putenv(sshpam_handle,compound); | ||
670 | xfree(compound); | ||
671 | } | ||
672 | #endif | ||
673 | return (ret); | ||
674 | } | ||
675 | |||
653 | void | 676 | void |
654 | print_pam_messages(void) | 677 | print_pam_messages(void) |
655 | { | 678 | { |
diff --git a/auth-pam.h b/auth-pam.h index 7f7c16d2e..03868312c 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: auth-pam.h,v 1.19 2003/08/25 03:08:49 djm Exp $ */ | 1 | /* $Id: auth-pam.h,v 1.20 2003/08/26 01:58:16 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2000 Damien Miller. All rights reserved. |
@@ -38,6 +38,7 @@ void do_pam_session(const char *, const char *); | |||
38 | void do_pam_setcred(int ); | 38 | void do_pam_setcred(int ); |
39 | int is_pam_password_change_required(void); | 39 | int is_pam_password_change_required(void); |
40 | void do_pam_chauthtok(void); | 40 | void do_pam_chauthtok(void); |
41 | int do_pam_putenv(char *, char *); | ||
41 | void print_pam_messages(void); | 42 | void print_pam_messages(void); |
42 | char ** fetch_pam_environment(void); | 43 | char ** fetch_pam_environment(void); |
43 | void free_pam_environment(char **); | 44 | void free_pam_environment(char **); |
diff --git a/configure.ac b/configure.ac index 600155ccd..bbc00e703 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.142 2003/08/25 03:27:40 dtucker Exp $ | 1 | # $Id: configure.ac,v 1.143 2003/08/26 01:58:16 dtucker Exp $ |
2 | 2 | ||
3 | AC_INIT | 3 | AC_INIT |
4 | AC_CONFIG_SRCDIR([ssh.c]) | 4 | AC_CONFIG_SRCDIR([ssh.c]) |
@@ -831,6 +831,7 @@ AC_ARG_WITH(pam, | |||
831 | AC_CHECK_LIB(dl, dlopen, , ) | 831 | AC_CHECK_LIB(dl, dlopen, , ) |
832 | AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) | 832 | AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) |
833 | AC_CHECK_FUNCS(pam_getenvlist) | 833 | AC_CHECK_FUNCS(pam_getenvlist) |
834 | AC_CHECK_FUNCS(pam_putenv) | ||
834 | 835 | ||
835 | disable_shadow=yes | 836 | disable_shadow=yes |
836 | PAM_MSG="yes" | 837 | PAM_MSG="yes" |
@@ -1946,6 +1947,31 @@ AC_ARG_WITH(kerberos5, | |||
1946 | fi | 1947 | fi |
1947 | AC_SEARCH_LIBS(dn_expand, resolv) | 1948 | AC_SEARCH_LIBS(dn_expand, resolv) |
1948 | 1949 | ||
1950 | AC_CHECK_LIB(gssapi,gss_init_sec_context, | ||
1951 | [ AC_DEFINE(GSSAPI) | ||
1952 | K5LIBS="-lgssapi $K5LIBS" ], | ||
1953 | [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, | ||
1954 | [ AC_DEFINE(GSSAPI) | ||
1955 | K5LIBS="-lgssapi_krb5 $K5LIBS" ], | ||
1956 | AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), | ||
1957 | $K5LIBS) | ||
1958 | ], | ||
1959 | $K5LIBS) | ||
1960 | |||
1961 | AC_CHECK_HEADER(gssapi.h, , | ||
1962 | [ unset ac_cv_header_gssapi_h | ||
1963 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | ||
1964 | AC_CHECK_HEADERS(gssapi.h, , | ||
1965 | AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) | ||
1966 | ) | ||
1967 | ] | ||
1968 | ) | ||
1969 | |||
1970 | oldCPP="$CPPFLAGS" | ||
1971 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | ||
1972 | AC_CHECK_HEADER(gssapi_krb5.h, , | ||
1973 | [ CPPFLAGS="$oldCPP" ]) | ||
1974 | |||
1949 | KRB5=yes | 1975 | KRB5=yes |
1950 | fi | 1976 | fi |
1951 | ] | 1977 | ] |
@@ -25,7 +25,7 @@ | |||
25 | #ifndef _DEFINES_H | 25 | #ifndef _DEFINES_H |
26 | #define _DEFINES_H | 26 | #define _DEFINES_H |
27 | 27 | ||
28 | /* $Id: defines.h,v 1.101 2003/08/21 06:49:41 dtucker Exp $ */ | 28 | /* $Id: defines.h,v 1.102 2003/08/26 01:58:16 dtucker Exp $ */ |
29 | 29 | ||
30 | 30 | ||
31 | /* Constants */ | 31 | /* Constants */ |
@@ -521,6 +521,10 @@ struct winsize { | |||
521 | # define __func__ "" | 521 | # define __func__ "" |
522 | #endif | 522 | #endif |
523 | 523 | ||
524 | #if defined(KRB5) && !defined(HEIMDAL) | ||
525 | # define krb5_get_err_text(context,code) error_message(code) | ||
526 | #endif | ||
527 | |||
524 | /* | 528 | /* |
525 | * Define this to use pipes instead of socketpairs for communicating with the | 529 | * Define this to use pipes instead of socketpairs for communicating with the |
526 | * client program. Socketpairs do not seem to work on all systems. | 530 | * client program. Socketpairs do not seem to work on all systems. |
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index d86872258..f48e09911 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
@@ -38,7 +38,11 @@ | |||
38 | 38 | ||
39 | extern ServerOptions options; | 39 | extern ServerOptions options; |
40 | 40 | ||
41 | #ifdef HEIMDAL | ||
41 | #include <krb5.h> | 42 | #include <krb5.h> |
43 | #else | ||
44 | #include <gssapi_krb5.h> | ||
45 | #endif | ||
42 | 46 | ||
43 | static krb5_context krb_context = NULL; | 47 | static krb5_context krb_context = NULL; |
44 | 48 | ||
@@ -113,11 +117,39 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
113 | if (ssh_gssapi_krb5_init() == 0) | 117 | if (ssh_gssapi_krb5_init() == 0) |
114 | return; | 118 | return; |
115 | 119 | ||
120 | #ifdef HEIMDAL | ||
116 | if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { | 121 | if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { |
117 | logit("krb5_cc_gen_new(): %.100s", | 122 | logit("krb5_cc_gen_new(): %.100s", |
118 | krb5_get_err_text(krb_context, problem)); | 123 | krb5_get_err_text(krb_context, problem)); |
119 | return; | 124 | return; |
120 | } | 125 | } |
126 | #else | ||
127 | { | ||
128 | int tmpfd; | ||
129 | char ccname[40]; | ||
130 | |||
131 | snprintf(ccname, sizeof(ccname), | ||
132 | "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); | ||
133 | |||
134 | if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) { | ||
135 | logit("mkstemp(): %.100s", strerror(errno)); | ||
136 | problem = errno; | ||
137 | return; | ||
138 | } | ||
139 | if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) { | ||
140 | logit("fchmod(): %.100s", strerror(errno)); | ||
141 | close(tmpfd); | ||
142 | problem = errno; | ||
143 | return; | ||
144 | } | ||
145 | close(tmpfd); | ||
146 | if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) { | ||
147 | logit("krb5_cc_resolve(): %.100s", | ||
148 | krb5_get_err_text(krb_context, problem)); | ||
149 | return; | ||
150 | } | ||
151 | } | ||
152 | #endif /* #ifdef HEIMDAL */ | ||
121 | 153 | ||
122 | if ((problem = krb5_parse_name(krb_context, | 154 | if ((problem = krb5_parse_name(krb_context, |
123 | client->exportedname.value, &princ))) { | 155 | client->exportedname.value, &princ))) { |
@@ -148,6 +180,11 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
148 | client->store.envvar = "KRB5CCNAME"; | 180 | client->store.envvar = "KRB5CCNAME"; |
149 | client->store.envval = xstrdup(client->store.filename); | 181 | client->store.envval = xstrdup(client->store.filename); |
150 | 182 | ||
183 | #ifdef USE_PAM | ||
184 | if (options.use_pam) | ||
185 | do_pam_putenv(client->store.envvar,client->store.envval); | ||
186 | #endif | ||
187 | |||
151 | krb5_cc_close(krb_context, ccache); | 188 | krb5_cc_close(krb_context, ccache); |
152 | 189 | ||
153 | return; | 190 | return; |
@@ -418,6 +418,12 @@ do_exec_no_pty(Session *s, const char *command) | |||
418 | 418 | ||
419 | session_proctitle(s); | 419 | session_proctitle(s); |
420 | 420 | ||
421 | #ifdef GSSAPI | ||
422 | temporarily_use_uid(s->pw); | ||
423 | ssh_gssapi_storecreds(); | ||
424 | restore_uid(); | ||
425 | #endif | ||
426 | |||
421 | #if defined(USE_PAM) | 427 | #if defined(USE_PAM) |
422 | if (options.use_pam) { | 428 | if (options.use_pam) { |
423 | do_pam_session(s->pw->pw_name, NULL); | 429 | do_pam_session(s->pw->pw_name, NULL); |
@@ -428,12 +434,6 @@ do_exec_no_pty(Session *s, const char *command) | |||
428 | } | 434 | } |
429 | #endif /* USE_PAM */ | 435 | #endif /* USE_PAM */ |
430 | 436 | ||
431 | #ifdef GSSAPI | ||
432 | temporarily_use_uid(s->pw); | ||
433 | ssh_gssapi_storecreds(); | ||
434 | restore_uid(); | ||
435 | #endif | ||
436 | |||
437 | /* Fork the child. */ | 437 | /* Fork the child. */ |
438 | if ((pid = fork()) == 0) { | 438 | if ((pid = fork()) == 0) { |
439 | fatal_remove_all_cleanups(); | 439 | fatal_remove_all_cleanups(); |
@@ -553,6 +553,12 @@ do_exec_pty(Session *s, const char *command) | |||
553 | ptyfd = s->ptyfd; | 553 | ptyfd = s->ptyfd; |
554 | ttyfd = s->ttyfd; | 554 | ttyfd = s->ttyfd; |
555 | 555 | ||
556 | #ifdef GSSAPI | ||
557 | temporarily_use_uid(s->pw); | ||
558 | ssh_gssapi_storecreds(); | ||
559 | restore_uid(); | ||
560 | #endif | ||
561 | |||
556 | #if defined(USE_PAM) | 562 | #if defined(USE_PAM) |
557 | if (options.use_pam) { | 563 | if (options.use_pam) { |
558 | do_pam_session(s->pw->pw_name, s->tty); | 564 | do_pam_session(s->pw->pw_name, s->tty); |
@@ -560,12 +566,6 @@ do_exec_pty(Session *s, const char *command) | |||
560 | } | 566 | } |
561 | #endif | 567 | #endif |
562 | 568 | ||
563 | #ifdef GSSAPI | ||
564 | temporarily_use_uid(s->pw); | ||
565 | ssh_gssapi_storecreds(); | ||
566 | restore_uid(); | ||
567 | #endif | ||
568 | |||
569 | /* Fork the child. */ | 569 | /* Fork the child. */ |
570 | if ((pid = fork()) == 0) { | 570 | if ((pid = fork()) == 0) { |
571 | fatal_remove_all_cleanups(); | 571 | fatal_remove_all_cleanups(); |
@@ -31,6 +31,18 @@ | |||
31 | 31 | ||
32 | #include <gssapi.h> | 32 | #include <gssapi.h> |
33 | 33 | ||
34 | #ifdef KRB5 | ||
35 | #ifndef HEIMDAL | ||
36 | #include <gssapi_generic.h> | ||
37 | |||
38 | /* MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */ | ||
39 | |||
40 | #ifndef GSS_C_NT_HOSTBASED_SERVICE | ||
41 | #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name | ||
42 | #endif /* GSS_C_NT_... */ | ||
43 | #endif /* !HEIMDAL */ | ||
44 | #endif /* KRB5 */ | ||
45 | |||
34 | /* draft-ietf-secsh-gsskeyex-06 */ | 46 | /* draft-ietf-secsh-gsskeyex-06 */ |
35 | #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60 | 47 | #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60 |
36 | #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61 | 48 | #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61 |
diff --git a/sshconnect1.c b/sshconnect1.c index 5e1802b10..5935e8b77 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -20,9 +20,6 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.55 2003/08/13 08:46:31 markus Exp $"); | |||
20 | 20 | ||
21 | #ifdef KRB5 | 21 | #ifdef KRB5 |
22 | #include <krb5.h> | 22 | #include <krb5.h> |
23 | #ifndef HEIMDAL | ||
24 | #define krb5_get_err_text(context,code) error_message(code) | ||
25 | #endif /* !HEIMDAL */ | ||
26 | #endif | 23 | #endif |
27 | 24 | ||
28 | #include "ssh.h" | 25 | #include "ssh.h" |
diff --git a/sshconnect2.c b/sshconnect2.c index c71ad506b..549853907 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -27,9 +27,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $"); | |||
27 | 27 | ||
28 | #ifdef KRB5 | 28 | #ifdef KRB5 |
29 | #include <krb5.h> | 29 | #include <krb5.h> |
30 | #ifndef HEIMDAL | ||
31 | #define krb5_get_err_text(context,code) error_message(code) | ||
32 | #endif /* !HEIMDAL */ | ||
33 | #endif | 30 | #endif |
34 | 31 | ||
35 | #include "openbsd-compat/sys-queue.h" | 32 | #include "openbsd-compat/sys-queue.h" |