updated gssapi diff
Douglas E. Engert
deengert at anl.gov
Wed Aug 13 04:55:30 EST 2003
Here is the updated diff for the gss-serv-krb5.c as applied against the
openssh-SNAP-20030809 so it will work with the MIT GSSAPI.
The code is substantially the same code as found in auth-krb5.c
The patch applied smoothly accept with monitor.h. which was easily corrected
by hand.)
This was compiled and tested on Solaris 5.7. with MIT krb5-1.2.8.
Simple tests using this ssh and sshd against OpenSSH-3.6.1p2 with Simon's
full mods and the sshd with the SecureCRT Windows client appear to work
as expected.
--- ,gss-serv-krb5.c Tue Aug 12 11:32:35 2003
+++ gss-serv-krb5.c Tue Aug 12 13:03:47 2003
@@ -40,6 +40,11 @@
#include <krb5.h>
+#ifndef HEIMDAL
+#include <gssapi_krb5.h>
+#define krb5_get_err_text(context,code) error_message(code)
+#endif
+
static krb5_context krb_context = NULL;
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
@@ -113,7 +118,32 @@
if (ssh_gssapi_krb5_init() == 0)
return;
- if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
+#ifdef HEIMDAL
+ problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache);
+#else
+{
+ char ccname[40];
+ int tmpfd;
+
+ snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
+
+ if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
+ logit("mkstemp(): %.100s", strerror(errno));
+ problem = errno;
+ return;
+ }
+ if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+ logit("fchmod(): %.100s", strerror(errno));
+ close(tmpfd);
+ problem = errno;
+ return;
+ }
+ close(tmpfd);
+ problem = krb5_cc_resolve(krb_context, ccname, &ccache);
+}
+#endif
+
+ if (problem) {
logit("krb5_cc_gen_new(): %.100s",
krb5_get_err_text(krb_context, problem));
return;
More information about the openssh-unix-dev
mailing list