From f60845fde29cead9d75e812db1c04916b4c58ffd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Jun 2013 08:07:31 +1000 Subject: - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free. --- auth-krb5.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'auth-krb5.c') diff --git a/auth-krb5.c b/auth-krb5.c index 922c66c66..ff1462ad1 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -181,8 +181,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) out: restore_uid(); - if (platform_client != NULL) - xfree(platform_client); + free(platform_client); if (problem) { if (ccache) -- cgit v1.2.3 From 63ddc899d28cf60045b560891894b9fbf6f822e9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 20 Jul 2013 13:35:45 +1000 Subject: - djm@cvs.openbsd.org 2013/07/20 01:55:13 [auth-krb5.c gss-serv-krb5.c gss-serv.c] fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ --- ChangeLog | 3 +++ auth-krb5.c | 21 +++++++++++++-------- gss-serv-krb5.c | 44 +++++++++++++++++++++++++------------------- gss-serv.c | 4 ++-- 4 files changed, 43 insertions(+), 29 deletions(-) (limited to 'auth-krb5.c') diff --git a/ChangeLog b/ChangeLog index dc6ea90ef..dc2f73bd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ [ssh-agent.c] call cleanup_handler on SIGINT when in debug mode to ensure sockets are cleaned up on manual exit; bz#2120 + - djm@cvs.openbsd.org 2013/07/20 01:55:13 + [auth-krb5.c gss-serv-krb5.c gss-serv.c] + fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ 20130718 - (djm) OpenBSD CVS Sync diff --git a/auth-krb5.c b/auth-krb5.c index ff1462ad1..43ee9272f 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. * @@ -79,6 +79,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_ccache ccache = NULL; int len; char *client, *platform_client; + const char *errmsg; /* get platform-specific kerberos client principal name (if it exists) */ platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); @@ -96,7 +97,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) goto out; #ifdef HEIMDAL - problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); + problem = krb5_cc_new_unique(authctxt->krb5_ctx, + krb5_mcc_ops.prefix, NULL, &ccache); if (problem) goto out; @@ -115,8 +117,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, - &authctxt->krb5_fwd_ccache); + problem = krb5_cc_new_unique(authctxt->krb5_ctx, + krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); if (problem) goto out; @@ -187,10 +189,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (ccache) krb5_cc_destroy(authctxt->krb5_ctx, ccache); - if (authctxt->krb5_ctx != NULL && problem!=-1) - debug("Kerberos password authentication failed: %s", - krb5_get_err_text(authctxt->krb5_ctx, problem)); - else + if (authctxt->krb5_ctx != NULL && problem!=-1) { + errmsg = krb5_get_error_message(authctxt->krb5_ctx, + problem); + debug("Kerberos password authentication failed: %s", + errmsg); + krb5_free_error_message(authctxt->krb5_ctx, errmsg); + } else debug("Kerberos password authentication failed: %d", problem); diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 5a625acb8..87f26831a 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -48,12 +48,11 @@ extern ServerOptions options; #ifdef HEIMDAL # include -#else -# ifdef HAVE_GSSAPI_KRB5_H -# include -# elif HAVE_GSSAPI_GSSAPI_KRB5_H -# include -# endif +#endif +#ifdef HAVE_GSSAPI_KRB5_H +# include +#elif HAVE_GSSAPI_GSSAPI_KRB5_H +# include #endif static krb5_context krb_context = NULL; @@ -87,14 +86,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) { krb5_principal princ; int retval; + const char *errmsg; if (ssh_gssapi_krb5_init() == 0) return 0; if ((retval = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { - logit("krb5_parse_name(): %.100s", - krb5_get_err_text(krb_context, retval)); + errmsg = krb5_get_error_message(krb_context, retval); + logit("krb5_parse_name(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return 0; } if (krb5_kuserok(krb_context, princ, name)) { @@ -120,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) krb5_principal princ; OM_uint32 maj_status, min_status; int len; + const char *errmsg; if (client->creds == NULL) { debug("No credentials stored"); @@ -130,30 +132,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; #ifdef HEIMDAL - if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { - logit("krb5_cc_gen_new(): %.100s", - krb5_get_err_text(krb_context, problem)); + if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix, + NULL, &ccache)) != 0) { + errmsg = krb5_get_error_message(krb_context, problem); + logit("krb5_cc_new_unique(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return; } #else if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { - logit("ssh_krb5_cc_gen(): %.100s", - krb5_get_err_text(krb_context, problem)); + errmsg = krb5_get_error_message(krb_context, problem); + logit("ssh_krb5_cc_gen(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return; } #endif /* #ifdef HEIMDAL */ if ((problem = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { - logit("krb5_parse_name(): %.100s", - krb5_get_err_text(krb_context, problem)); - krb5_cc_destroy(krb_context, ccache); + errmsg = krb5_get_error_message(krb_context, problem); + logit("krb5_parse_name(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); return; } if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { - logit("krb5_cc_initialize(): %.100s", - krb5_get_err_text(krb_context, problem)); + errmsg = krb5_get_error_message(krb_context, problem); + logit("krb5_cc_initialize(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); krb5_free_principal(krb_context, princ); krb5_cc_destroy(krb_context, ccache); return; diff --git a/gss-serv.c b/gss-serv.c index c719c1306..95348e251 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -50,7 +50,7 @@ static ssh_gssapi_client gssapi_client = { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; + GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; ssh_gssapi_mech gssapi_null_mech = { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; -- cgit v1.2.3 From f3ab2c5f9cf4aed44971eded3ac9eeb1344b2be5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 4 Aug 2013 21:48:41 +1000 Subject: - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support for building with older Heimdal versions. ok djm. --- ChangeLog | 4 ++++ auth-krb5.c | 9 +++++++++ configure.ac | 9 +++++++-- openbsd-compat/bsd-misc.h | 10 +++++++++- 4 files changed, 29 insertions(+), 3 deletions(-) (limited to 'auth-krb5.c') diff --git a/ChangeLog b/ChangeLog index fdce70566..997c5b54d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20130804 + - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support + for building with older Heimdal versions. ok djm. + 20130801 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non- blocking connecting socket will clear any stored errno that might diff --git a/auth-krb5.c b/auth-krb5.c index 43ee9272f..7c83f597f 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -97,8 +97,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) goto out; #ifdef HEIMDAL +# ifdef HAVE_KRB5_CC_NEW_UNIQUE problem = krb5_cc_new_unique(authctxt->krb5_ctx, krb5_mcc_ops.prefix, NULL, &ccache); +# else + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); +# endif if (problem) goto out; @@ -117,8 +121,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; +# ifdef HAVE_KRB5_CC_NEW_UNIQUE problem = krb5_cc_new_unique(authctxt->krb5_ctx, krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); +# else + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, + &authctxt->krb5_fwd_ccache); +# endif if (problem) goto out; diff --git a/configure.ac b/configure.ac index e6ec2768f..4a1b50331 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.535 2013/06/11 01:26:10 dtucker Exp $ +# $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.535 $) +AC_REVISION($Revision: 1.536 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -3806,6 +3806,11 @@ AC_ARG_WITH([kerberos5], # include #endif ]]) + saved_LIBS="$LIBS" + LIBS="$LIBS $K5LIBS" + AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) + LIBS="$saved_LIBS" + fi ] ) diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 9ebd83c3a..65c18ec2f 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.24 2013/05/29 22:29:09 dtucker Exp $ */ +/* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller @@ -114,4 +114,12 @@ pid_t getpgid(pid_t); # define endgrent() {} #endif +#ifndef HAVE_KRB5_GET_ERROR_MESSAGE +# define krb5_get_error_message krb5_get_err_text +#endif + +#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE +# define krb5_free_error_message(a,b) while(0) +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3