OpenSSH 3.8.1p1: call for testing

sxw at inf.ed.ac.uk sxw at inf.ed.ac.uk
Fri Apr 16 19:55:54 EST 2004 

On Fri, 16 Apr 2004, Darren Tucker wrote:

> Someone with more Kerberos knowledge than me (ie any at all :-) want to 
> comment?

The patch attached to your email only fixes the problem in the MIT 
Kerberos branch of the #ifdef. Given that we currently constrain ourselves 
to 'FILE' based ccname operations, the attached patch should probably do
the trick. It's based on a similar patch that was committed to the GSSAPI 
code to fix bug #698.

In the longer run, we should probably look at unifying the auth-krb5 and 
gss-serv-krb5 code to use common credentials cache handling routines. I'm 
planning on taking a look at this at some point.

Cheers,

Simon.


-------------- next part --------------
Index: auth.h
===================================================================
RCS file: /cvs/openssh/auth.h,v
retrieving revision 1.60
diff -u -r1.60 auth.h
--- auth.h	21 Feb 2004 23:22:05 -0000	1.60
+++ auth.h	16 Apr 2004 09:49:05 -0000
@@ -66,6 +66,7 @@
 	krb5_ccache	 krb5_fwd_ccache;
 	krb5_principal	 krb5_user;
 	char		*krb5_ticket_file;
+	char		*krb5_ccname;
 #endif
 	void		*methoddata;
 };
Index: session.c
===================================================================
RCS file: /cvs/openssh/session.c,v
retrieving revision 1.275
diff -u -r1.275 session.c
--- session.c	23 Feb 2004 13:01:27 -0000	1.275
+++ session.c	16 Apr 2004 09:49:05 -0000
@@ -1085,9 +1085,9 @@
 	}
 #endif
 #ifdef KRB5
-	if (s->authctxt->krb5_ticket_file)
+	if (s->authctxt->krb5_ccname)
 		child_set_env(&env, &envsize, "KRB5CCNAME",
-		    s->authctxt->krb5_ticket_file);
+		    s->authctxt->krb5_ccname);
 #endif
 #ifdef USE_PAM
 	/*
Index: auth-krb5.c
===================================================================
RCS file: /cvs/openssh/auth-krb5.c,v
retrieving revision 1.21
diff -u -r1.21 auth-krb5.c
--- auth-krb5.c	22 Nov 2003 01:11:06 -0000	1.21
+++ auth-krb5.c	16 Apr 2004 09:49:05 -0000
@@ -70,6 +70,7 @@
 #endif
 	krb5_error_code problem;
 	krb5_ccache ccache = NULL;
+	int len;
 
 	if (!authctxt->valid)
 		return (0);
@@ -175,6 +176,9 @@
 
 	authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
 
+	len = strlen(authctxt->krb5_ticket_file) + 6;
+	authctxt->krb5_ccname = xmalloc(len);
+	snprintf(authctxt->krb5_ccname, len, "FILE:%s",authctxt->krb5_ticket_file);
  out:
 	restore_uid();

More information about the openssh-unix-dev mailing list