WebSVN - lsh - Path Comparison - / Rev 134 and / Rev 135

Ignore whitespace Rev 134 → Rev 135

 /trunk/debian/changelog
 ,3 → 1,11
+lsh-utils (2.1-8) unstable; urgency=low
+  * Build with MIT Kerberos instead of Heimdal (Closes: #806266, #812813).
+    Note: the Kerberos password helper has limited functionality and is
+    not recommended to use.
+ -- Magnus Holmgren <holmgren@debian.org>  Sun, 07 Feb 2016 21:11:10 +0100
 lsh-utils (2.1-7) unstable; urgency=low
   * nettle3.patch: fix pointer type mismatches, mainly changing length

 /trunk/debian/control
 ,7 → 6,7
 Standards-Version: 3.9.6
 Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf, dh-systemd (>= 1.5), automake,
  libgmp-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev (>= 3.0~), nettle-bin,
- texinfo (>= 4.2), heimdal-dev, libwrap0-dev | libwrap-dev,
+ texinfo (>= 4.2), libkrb5-dev, libwrap0-dev | libwrap-dev,
  libpam0g-dev | libpam-dev, libreadline-dev, m4
 Homepage: http://www.lysator.liu.se/~nisse/lsh/

 /trunk/debian/patches/mit-kerberos.patch
 ,0 → 1,61
+Description: Modify lsh-krb-checkpw to work with MIT Kerberos instead of Heimdal.
+ Building with the latest release of Heimdal (as of February 2016)
+ fails and their maintainers want to orphan it.
+Bug: https://bugs.debian.org/812813
+--- a/configure.ac
++++ b/configure.ac
+@@ -475,7 +475,7 @@ if test x$enable_kerberos = xyes; then
+   LSH_CHECK_KRB_LIB(asn1, der_get_octet_string)
+   # Check for krb5_cc_gen_new too?
+   # krb5_verify_user_lrealm seems to be unique to heimdal
+-  LSH_CHECK_KRB_LIB(krb5, krb5_verify_user_lrealm,, [enable_kerberos=no])
++  LSH_CHECK_KRB_LIB(krb5, krb5_get_init_creds_password,, [enable_kerberos=no])
+ fi
+ AH_TEMPLATE([WITH_KERBEROS], [For kerberos])
+--- a/src/lsh-krb-checkpw.c
++++ b/src/lsh-krb-checkpw.c
+@@ -97,6 +97,8 @@ main(int argc, char **argv)
+   krb5_context context;
+   krb5_ccache ccache;
+   krb5_principal p;
++  krb5_creds creds;
++  krb5_principal server;
+   char *name;
+   char *pw;
+@@ -121,18 +123,31 @@ main(int argc, char **argv)
+   if (krb5_init_context (&context))
+     die("krb5_init_context failed.");
+-  if (krb5_make_principal(context, &p, NULL, name, NULL))
+-    die("krb5_make_principal failed.");
++  if (krb5_parse_name(context, name, &p)) {
++    die("krb5_parse_name failed.");
++  }
++
++  if (krb5_get_init_creds_password(context, &creds, p, pw,
++                                  NULL, NULL, 0, NULL, NULL)) {
++      die("krb5_get_init_creds_password failed.");
++  }
++
++  if (krb5_verify_init_creds(context, &creds, server,
++                            NULL, NULL, NULL)) {
++      die("krb5_verify_init_creds failed");
++  }
+   if (!krb5_kuserok(context, p, name))
+     die("krb5_kuserok doesn't know the user.");
++  /*
+   if (krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))
+     die("krb5_cc_gen_new failed.");
+   if (krb5_verify_user_lrealm(context, p, ccache, pw, TRUE, NULL))
+     die("krb5_verify_user_lrealm failed.");
++  */
+   /* Authentication successful. */
+   /* TODO: Keep the credential cache in some way. Perhaps write it to

Subversion Repositories lsh

Compare Revisions

Ignore whitespace Rev 134 → Rev 135

/trunk/debian/patches/series
5,3 → 5,4
bsd_connreset_test_fail.patch
skip-argp.patch
nettle3.patch
mit-kerberos.patch