OPenAFS and OpenSSH replacing kafs

Mon Mar 1 00:27:00 EST 2004

* Ben Lindstrom [2004-02-28 18:36:03 -0600]:
> I have patches for OS/X to compile.  I'll work on finalizing this because
> some of this needs to go upstream (I plan on gutting  the krb5_init_ets()
> since it is a private API and is not needed on most systems).  I need to
> track down why extactly zlib.h hates being where it is, but this at least
> is a workaround.

The Kerberos framework includes <TargetConditionals.h> which defines
TARGET_OS_MAC, and /usr/include/zconv.h inexplicably suppresses the
"typedef unsigned char Byte;" line in that case. Looks like a simple
case of broken headers. For my builds I'll just copy zlib.h and zconv.h
to the build directory, patch the copy of zconv.h and continue. Your
solution of including zlib.h before krb5.h is probably also OK as a
workaround.

Your patches seem to be missing the SessionCreate() calls to the
Security framework (the moral equivalent to setpag() I believe).
Also, Michaud's patch was using the CCache API to manage the Kerberos
credentials when linking against the Kerberos framework. That sort of
detail could make the difference between "compiles" and "works". But
we'll see; I'll try to find time to work on this on Monday.

> 
> - Ben
> 
> Index: auth-krb5.c
> ===================================================================
> RCS file: /var/cvs/openssh/auth-krb5.c,v
> retrieving revision 1.21
> diff -u -r1.21 auth-krb5.c
> --- auth-krb5.c	22 Nov 2003 01:11:06 -0000	1.21
> +++ auth-krb5.c	24 Feb 2004 07:13:56 -0000
> @@ -54,7 +54,9 @@
>  		problem = krb5_init_context(&authctxt->krb5_ctx);
>  		if (problem)
>  			return (problem);
> +#ifndef __APPLE__ /* XXX OS/X claims to not need this */
>  		krb5_init_ets(authctxt->krb5_ctx);
> +#endif
>  	}
>  	return (0);
>  }
> Index: gss-serv-krb5.c
> ===================================================================
> RCS file: /var/cvs/openssh/gss-serv-krb5.c,v
> retrieving revision 1.5
> diff -u -r1.5 gss-serv-krb5.c
> --- gss-serv-krb5.c	23 Feb 2004 23:37:33 -0000	1.5
> +++ gss-serv-krb5.c	24 Feb 2004 07:13:59 -0000
> @@ -65,7 +65,9 @@
>  		logit("Cannot initialize krb5 context");
>  		return 0;
>  	}
> +#ifndef __APPLE__ /* Apple Claims OS/X does not need it */
>  	krb5_init_ets(krb_context);
> +#endif
> 
>  	return 1;
>  }
> Index: monitor.c
> ===================================================================
> RCS file: /var/cvs/openssh/monitor.c,v
> retrieving revision 1.64
> diff -u -r1.64 monitor.c
> --- monitor.c	6 Feb 2004 05:40:27 -0000	1.64
> +++ monitor.c	24 Feb 2004 07:14:01 -0000
> @@ -33,11 +33,12 @@
>  #include <skey.h>
>  #endif
> 
> +#include "zlib.h"
> +
>  #include "ssh.h"
>  #include "auth.h"
>  #include "kex.h"
>  #include "dh.h"
> -#include "zlib.h"
>  #include "packet.h"
>  #include "auth-options.h"
>  #include "sshpty.h"
> Index: monitor_wrap.c
> ===================================================================
> RCS file: /var/cvs/openssh/monitor_wrap.c,v
> retrieving revision 1.40
> diff -u -r1.40 monitor_wrap.c
> --- monitor_wrap.c	21 Nov 2003 12:56:47 -0000	1.40
> +++ monitor_wrap.c	24 Feb 2004 07:14:02 -0000
> @@ -30,6 +30,8 @@
>  #include <openssl/bn.h>
>  #include <openssl/dh.h>
> 
> +#include "zlib.h"
> +
>  #include "ssh.h"
>  #include "dh.h"
>  #include "kex.h"
> @@ -40,7 +42,6 @@
>  #include "packet.h"
>  #include "mac.h"
>  #include "log.h"
> -#include "zlib.h"
>  #include "monitor.h"
>  #include "monitor_wrap.h"
>  #include "xmalloc.h"
> 