#567708 openssh: FTPFS with heimdal < 1.3.0

#567708#5
Date:
2010-01-30 20:37:07 UTC
From:
To:
Hi,

when trying to build openssh with heimdal < 13.0 it fails
because heimdal misses the krb5_free_unparsed_name() function,
that gets called by OpenSSH since version 5.2p1.

According to https://roundup.it.su.se/jira/browse/HEIMDAL-626
one possible solution is to simply call krb5_xfree() instead,
as I did in the attchaed patch, that I have in use since 5.2p1
came out (sorry I was lazy in reporting it).

Perhaps te better alternative is to depend on heimdal >= 1.3.0,
as I do not know whether the aptch works for all architectures.

Thanks for maintaining openssh in Debian
Peter

#567708#10
Date:
2010-01-30 23:12:54 UTC
From:
To:
[...]

As far as the Debian package goes, I'd be OK with applying something
like this to make it cope with Heimdal.  However, I would prefer a
slightly neater patch if possible, in two ways:

  * Is there a way to detect Heimdal's version at compile-time, so that
    we can use krb5_free_unparsed_name if it's available?  Or is that
    bad because it's marked deprecated?  (Incidentally I don't
    understand how the description of when the difference matters
    matches up with it being deprecated, but maybe I just don't
    understand Heimdal well enough.)

  * Can we use something more like this as the inside of the
    conditional:

    #define krb5_free_unparsed_name(krb_context, name) krb5_xfree(name)

    ... so that the compatibility kludge is confined to the top of the
    file rather than being in the middle of the logic?

CCing Simon Wilkinson (upstream for the GSSAPI patch).

Thanks,

#567708#15
Date:
2010-01-30 23:22:20 UTC
From:
To:
I'll fix this upstream, I think the best thing to do is to have a configure test for krb5_free_unparsed_name, and use krb5_xfree if it's not available.

However, I'm a little concerned that when Love added the new function, he's marked it deprecated. I've emailed him to find out if there's something that should be used instead.

However, if I don't get to this in time for your release schedule, using krb5_xfree on Heimdal will be fine.

Cheers,

Simon.

#567708#20
Date:
2010-01-30 23:35:06 UTC
From:
To:
Thanks.

Likewise ...

I don't think we have a release schedule concern here.  We're building
with MIT Kerberos by default, but Heimdal is permitted as an alternate
build-dependency for people building things for themselves.

#567708#27
Date:
2010-01-31 02:29:29 UTC
From:
To:
Simon Wilkinson <simon@sxw.org.uk> writes:

I suspect it's deprecated just because Heimdal has a different memory
management API technique than MIT Kerberos.  MIT adds free functions for
every type of allocated memory, whereas Heimdal collects the random simple
frees into krb5_xfree, which simplifies the interface somewhat.  If you're
writing solely to Heimdal's API, there's no reason to use the more
specific function.

#567708#32
Date:
2010-01-31 02:31:13 UTC
From:
To:
Colin Watson <cjwatson@debian.org> writes:

The description of when the difference matters is, I believe, actually the
description of why the free function exists at all instead of calling
free().  Since the return value is a simple char *, the obvious thing to
do would be for the caller to just call free().  This isn't done because,
on Windows, the free() has to be done by the same object that did the
memory allocation, so you need a library API for the free.

I don't think that comment was intended to have anything to do with the
difference between krb5_free_unparsed_name and krb5_xfree.