[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: 1.0.1 compile on OS X 10.5



> On Dec 3, 2007, at 2:52 AM, Måns Nilsson wrote:
>> --On måndag, måndag 26 nov 2007 11.26.28 -0800 "Henry B. Hotz"
>> <hotz@jpl.nasa.gov> wrote:
>>
>>> Does it work with "FILE:" ccaches?  (Does it only fail with the  
>>> default
>>> "API:" ccache?)
>>
>> No, I believe I tested that.

Possibly relevant.  Note that his patch follows recommendation made  
on the MIT Kerb list.

Begin forwarded message:

> From: John Bowers <John.Bowers@quest.com>
> Date: November 26, 2007 12:19:16 PM PST
> To: "'hotz@jpl.nasa.gov'" <hotz@jpl.nasa.gov>
> Subject: FW: 1.0.1 compile on OS X 10.5
>
>> Does it work with "FILE:" ccaches?  (Does
>> it only fail with the default "API:" ccache?)
>
> I responded earlier with the following response, but it appears I  
> am not authorized to post to the heimdal-discuss list.  If you use  
> Leopard with Heimdal I am sure you going to run into this (until  
> Apple fixes it at any rate). I spent quite a bit of time figuring  
> this problem out, so I was hoping others wouldn't need to go  
> through the pain.  You seem to be a prominent Apple poster on the  
> list, so you might find this patch useful.
>
> (in answer to your question, if the problem is what I think it is  
> then this problem would only ever occur with "API:" ccaches)
>
> Hope you find this useful.
>
> --
> John Bowers
> Software Engineer
> Quest Software
> 801-655-2522
>
> -----Original Message-----
> From: John Bowers
> Sent: Monday, November 26, 2007 10:37 AM
> To: heimdal-discuss@sics.se; Måns Nilsson
> Subject: RE: 1.0.1 compile on OS X 10.5
>
> I believe I have run into this problem as well.  I tracked my  
> problem down to a failure in the ccapi set_credentials call.  I  
> reported this to apple, and they seem to acknowledge that they have  
> a bug in their ccapi implementation on 10.5.  Since the Heimdal API  
> ccache implementation relies on the ccapi, this bug affects Heimdal.
>
>
>
> I have a test I created that demonstrates this problem on OSX  
> 10.5.  The same test executes successfully on 10.4.  I will attach  
> the test for anyone who might be interested, just run the attached  
> shell script to build the test.
>
>
>
> I also put together a patch that worked around this problem for  
> me.  If your problem is the same as mine (as it appears to be) it  
> might solve your problem as well.
>
>
>
> Essentially the patch involves initializing the ccache by deleting  
> the entire ccache (if it existed previously) and recreating it,  
> instead of iterating the contents and removing them and then  
> calling the faulty set_principal function on the ccache.
>
>
>
> Presumably Apple will fix this issue eventually, but as it doesn't  
> affect their utilities they may be slow about it.
>
>
>
> --
>
> John Bowers
>
> Software Engineer
>
> Quest Software
>
> 801-655-2522
>
>
> ________________________________________
> From: Måns Nilsson [mansaxel@kthnoc.net]
> Sent: Sunday, November 25, 2007 4:21 AM
> To: heimdal-discuss@sics.se
> Subject: Re: 1.0.1 compile on OS X 10.5
>
> --On fredag, fredag 9 nov 2007 09.39.47 +0100 Måns Nilsson
> <mansaxel@kthnoc.net> wrote:
>
>> Hi,
>>
>> just reinstalled (fresh, no upgrade) my ppc macmini and am trying  
>> to get
>> back my life.
>>
>> Heimdal gives me some trouble:
>
> With svn head checked out (version 22087), autoreconfigured and so
> according to h5l.se, it builds (yay!) but I get:
>
> bash-3.2# kauth --version
> kauth (Heimdal 1.0.99)
> Copyright 1995-2007 Kungliga Tekniska H�gskolan
> Send bug-reports to heimdal-bugs@h5l.se
> bash-3.2# kauth mansaxel
> mansaxel@KTHNOC.NET's Password:
> kauth: krb5_cc_initialize: Internal file credentials cache error
> bash-3.2#
>
> But, once I buy a ticket with Apple-supplied MIT kinit, I can use  
> it with
> heimdal apps, like telnet.
>
> More info on request.
> --
> Måns Nilsson                     Systems Specialist
> +46 70 681 7204   cell                       KTHNOC
> +46 8 790 6518  office                  MN1334-RIPE
>
> I Know A Joke
#include <stdio.h>
#include <CredentialsCache.h>
#include <stdlib.h>

typedef cc_int32 (*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **);

struct cc_context_t {
    const struct cc_context_functions* func;
};

typedef struct krb5_acc {
    char *cache_name;
    cc_context_t context;
    cc_ccache_t ccache;
} krb5_acc;

#define ACACHE(X) ((krb5_acc *)(X)->data.data)

static int
translate_cc_error( cc_int32 error, char* error_string )
{
    if( error_string )
    {
        fprintf( stderr, error_string );
    }
    else
    if( error != ccNoError ) 
    {
        fprintf( stderr, "Unknown CCAPI error %d", error );
    }
    fprintf( stderr, "\n" );
    return -1;
}

int main( int argc, char* argv[])
{
    void*                      cc_handle = NULL;
    cc_initialize_func         init_func;
    krb5_acc*                  a = NULL;
    cc_int32                   error = 0;
    cc_credentials_iterator_t  iter;
    int                        ret = 0;
    char*                      error_string = NULL;
    char*                      name = "bob@EXAMPLE.COM";

    a = malloc( sizeof(krb5_acc) );
    cc_handle = (void*)dlopen( "/System/Library/Frameworks/Kerberos.framework/Kerberos", 0);
    if( cc_handle == NULL )
    {
        fprintf( stderr, "Failed to dlopen kerberos library\n" );
    }
    init_func = (void*)dlsym(cc_handle, "cc_initialize");
    (*init_func)(&a->context, ccapi_version_3, NULL, NULL);
    error = (*a->context->functions->open_default_ccache)(a->context, &a->ccache);
    if (error==ccErrCCacheNotFound)
    {
        error = (*a->context->functions->create_default_ccache)(a->context,  
                                                                cc_credentials_v5,
                                                                name,
                                                                &a->ccache);
        if( error )
        {
            asprintf( &error_string,
                      "api ccache: create default ccache failed with %d", error );
            ret = translate_cc_error(error, error_string);
            if( error_string ) free( error_string );
            dlclose( cc_handle );
            return ret;
        }
    }
    else
    if( error ) 
    { 
        asprintf( &error_string,
                  "api ccache: open default ccache failed with %d", error );
         ret = translate_cc_error(error, error_string);
         if( error_string ) free( error_string );
         dlclose( cc_handle );
         return ret;
    }
    error = (*a->ccache->functions->new_credentials_iterator)(a->ccache, &iter);
    if (error)
    {
         asprintf( &error_string,
                   "api ccache: new_credentials_iterator failed with % d",
                   error );
         ret = translate_cc_error(error, error_string);
         if( error_string ) free( error_string );
         dlclose( cc_handle );
         return ret;
    }
    while (1) 
    {
        cc_credentials_t ccred;
        error = (*iter->functions->next)(iter, &ccred);
        if ( error == ccIteratorEnd )
        {
            break;
        }
        else
        if( error )
        {
            asprintf( &error_string, 
                      "api ccache: iterator_next returned an expected error (%d)", 
                      error );
            ret = translate_cc_error(error, error_string);
            if( error_string ) free( error_string );
            dlclose( cc_handle );
            return ret;
        }
        error = (*a->ccache->functions->remove_credentials)(a->ccache, ccred);
        if( error == ccNoError )
        {
            error = (*ccred->functions->release)(ccred);
            if( error != ccNoError )
            {
                asprintf( &error_string, 
                          "api ccache: unexpected error releasing creds (%d)", 
                          error );
                ret = translate_cc_error(error, error_string);
                if( error_string ) free( error_string );
                dlclose( cc_handle );
                return ret;
            }
        }
        else
        {
            asprintf( &error_string, 
                      "api ccache: remove_credentials failed with unexpected error (%d)", 
                      error );
            ret = translate_cc_error(error, error_string);
            if( error_string ) free( error_string );
            dlclose( cc_handle );
            return ret;
        }
    }
    error = (*iter->functions->release)(iter);
    if( error != ccNoError )
    {
        asprintf( &error_string, 
                  "api ccache: unexpected error releasing iterator (%d)", 
                  error );
        ret = translate_cc_error(error, error_string);
        if( error_string ) free( error_string );
        dlclose( cc_handle );
        return ret;
    }
    error = (*a->ccache->functions->set_principal)( a->ccache,
                                                    cc_credentials_v5,
                                                    name );
    if( error )
    {
        asprintf( &error_string, 
                  "api ccache: set principal for %s failed with error %d",
                  name,
                  error );
        ret = translate_cc_error(error, error_string);
        if( error_string ) free( error_string );
        dlclose( cc_handle );
    }
    if( ret == 0 )
        fprintf( stderr, "Success!\n" );
    return ret;
}

build_api_test.sh

macos_10.5_set_principal.patch