Hi, when trying to build openssh with heimdal < 13.0 it fails because heimdal misses the krb5_free_unparsed_name() function, that gets called by OpenSSH since version 5.2p1. According to https://roundup.it.su.se/jira/browse/HEIMDAL-626 one possible solution is to simply call krb5_xfree() instead, as I did in the attchaed patch, that I have in use since 5.2p1 came out (sorry I was lazy in reporting it). Perhaps te better alternative is to depend on heimdal >= 1.3.0, as I do not know whether the aptch works for all architectures. Thanks for maintaining openssh in Debian Peter
[...]
As far as the Debian package goes, I'd be OK with applying something
like this to make it cope with Heimdal. However, I would prefer a
slightly neater patch if possible, in two ways:
* Is there a way to detect Heimdal's version at compile-time, so that
we can use krb5_free_unparsed_name if it's available? Or is that
bad because it's marked deprecated? (Incidentally I don't
understand how the description of when the difference matters
matches up with it being deprecated, but maybe I just don't
understand Heimdal well enough.)
* Can we use something more like this as the inside of the
conditional:
#define krb5_free_unparsed_name(krb_context, name) krb5_xfree(name)
... so that the compatibility kludge is confined to the top of the
file rather than being in the middle of the logic?
CCing Simon Wilkinson (upstream for the GSSAPI patch).
Thanks,
I'll fix this upstream, I think the best thing to do is to have a configure test for krb5_free_unparsed_name, and use krb5_xfree if it's not available. However, I'm a little concerned that when Love added the new function, he's marked it deprecated. I've emailed him to find out if there's something that should be used instead. However, if I don't get to this in time for your release schedule, using krb5_xfree on Heimdal will be fine. Cheers, Simon.
Thanks. Likewise ... I don't think we have a release schedule concern here. We're building with MIT Kerberos by default, but Heimdal is permitted as an alternate build-dependency for people building things for themselves.
Simon Wilkinson <simon@sxw.org.uk> writes: I suspect it's deprecated just because Heimdal has a different memory management API technique than MIT Kerberos. MIT adds free functions for every type of allocated memory, whereas Heimdal collects the random simple frees into krb5_xfree, which simplifies the interface somewhat. If you're writing solely to Heimdal's API, there's no reason to use the more specific function.
Colin Watson <cjwatson@debian.org> writes: The description of when the difference matters is, I believe, actually the description of why the free function exists at all instead of calling free(). Since the return value is a simple char *, the obvious thing to do would be for the caller to just call free(). This isn't done because, on Windows, the free() has to be done by the same object that did the memory allocation, so you need a library API for the free. I don't think that comment was intended to have anything to do with the difference between krb5_free_unparsed_name and krb5_xfree.