thanks
Date: Tue, 08 May 2007 10:37:38 -0400
In-Reply-To: <[EMAIL PROTECTED]> (Jon DeVree's message of
"Tue, 8 May 2007 03:20:41 -0400")
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Ah. I think I have an idea here.
First, I'd strongly recommend pam_krb5 instead of
KerberosAuthentication in sshd_config.
But I believe I can fix the problem you're seeing there too.
If you get a chance to try the following patch it would be
appreciated. If you aren't sufficiently familiar building Debian
packages I'll try to upload this reasonably soon.
Index: src/include/k5-int.h
===================================================================
--- src/include/k5-int.h (revision 19537)
+++ src/include/k5-int.h (revision 19538)
@@ -1048,9 +1048,9 @@
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
#define krb5_gic_opt_is_extended(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
typedef struct _krb5_gic_opt_private {
Index: src/lib/krb5/krb/gic_opt.c
===================================================================
--- src/lib/krb5/krb/gic_opt.c (revision 19537)
+++ src/lib/krb5/krb/gic_opt.c (revision 19538)
@@ -206,8 +206,18 @@
oe = krb5int_gic_opte_alloc(context);
if (NULL == oe)
return ENOMEM;
- memcpy(oe, opt, sizeof(*opt));
- /* Fix these -- overwritten by the copy */
+
+ if (opt)
+ memcpy(oe, opt, sizeof(*opt));
+
+ /*
+ * Fix the flags -- the EXTENDED flag would have been
+ * overwritten by the copy if there was one. The
+ * SHADOWED flag is necessary to ensure that the
+ * krb5_gic_opt_ext structure that was allocated
+ * here will be freed by the library because the
+ * application is unaware of its existence.
+ */
oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
KRB5_GET_INIT_CREDS_OPT_SHADOWED);
Property changes on: .
___________________________________________________________________
Name: svk:merge
- 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:20009
304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339
dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199
dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581
dc483132-0cff-0310-8789-dd5450dbe970:/trunk:18744
+ 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:20016
304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339
dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199
dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581
dc483132-0cff-0310-8789-dd5450dbe970:/trunk:18744
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
