Re: Use of PKINIT from PAM

["Douglas E. Engert" <deengert@anl.gov>]

Love Hörnquist Åstrand wrote:

> So your patch seems mostly ok, I've applied it with modification to the
> prompter function. 

I downloaded the 20050502 version, and the patch looks good. I did make
one change to pkinit.c It looks like the malloc should use length
as the password_data.length is not initialized yet.

--- ./lib/krb5/,pkinit.c	Sat Apr 30 11:12:18 2005
+++ ./lib/krb5/pkinit.c	Mon May  2 09:01:35 2005
@@ -160,7 +160,7 @@
      case UIT_VERIFY:
      case UIT_PROMPT:
  	length = UI_get_result_maxsize(uis);
-	buffer = malloc(password_data.length);
+	buffer = malloc(length);
  	if (buffer == NULL) {
  	    krb5_set_error_string(ui_data->context, "malloc: out of memory");
  	    return 0;

I was having a problem with the configure for the pam_krb5 trying to find the
krb5 lib. It looks like it is a problem with the use of strlcpy in com_err.c
and without -lcom_err in krb5_config. Something to do with the roken library?
With the changes the pam configure is happy.

--- ./lib/com_err/,com_err.c	Sun Apr 24 14:42:39 2005
+++ ./lib/com_err/com_err.c	Mon May  2 14:19:32 2005
@@ -56,7 +56,7 @@
  	    p = strerror(code);
      }
      if (p != NULL && *p != '\0') {
-	strlcpy(msg, p, sizeof(msg));
+	strncpy(msg, p, sizeof(msg));
      } else
  	snprintf(msg, sizeof(msg), "Unknown error %ld", code);
      return msg;
--- ./tools/,krb5-config.in	Mon Sep  9 17:29:06 2002
+++ ./tools/krb5-config.in	Mon May  2 15:18:29 2005
@@ -99,7 +99,7 @@
  	lib_flags="$lib_flags -lkadm5srv"
  	;;
      esac
-    lib_flags="$lib_flags -lkrb5 -lasn1 @LIB_des_appl@ -lroken"
+    lib_flags="$lib_flags -lkrb5 -lasn1 -lcom_err @LIB_des_appl@ -lroken"
      lib_flags="$lib_flags @LIB_crypt@ @LIB_dbopen@ @LIBS@"
      echo $lib_flags
  fi







-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444