> On Dec 3, 2007, at 2:52 AM, Måns Nilsson wrote: >> --On måndag, måndag 26 nov 2007 11.26.28 -0800 "Henry B. Hotz" >> <hotz@jpl.nasa.gov> wrote: >> >>> Does it work with "FILE:" ccaches? (Does it only fail with the >>> default >>> "API:" ccache?) >> >> No, I believe I tested that. Possibly relevant. Note that his patch follows recommendation made on the MIT Kerb list. Begin forwarded message: > From: John Bowers <John.Bowers@quest.com> > Date: November 26, 2007 12:19:16 PM PST > To: "'hotz@jpl.nasa.gov'" <hotz@jpl.nasa.gov> > Subject: FW: 1.0.1 compile on OS X 10.5 > >> Does it work with "FILE:" ccaches? (Does >> it only fail with the default "API:" ccache?) > > I responded earlier with the following response, but it appears I > am not authorized to post to the heimdal-discuss list. If you use > Leopard with Heimdal I am sure you going to run into this (until > Apple fixes it at any rate). I spent quite a bit of time figuring > this problem out, so I was hoping others wouldn't need to go > through the pain. You seem to be a prominent Apple poster on the > list, so you might find this patch useful. > > (in answer to your question, if the problem is what I think it is > then this problem would only ever occur with "API:" ccaches) > > Hope you find this useful. > > -- > John Bowers > Software Engineer > Quest Software > 801-655-2522 > > -----Original Message----- > From: John Bowers > Sent: Monday, November 26, 2007 10:37 AM > To: heimdal-discuss@sics.se; Måns Nilsson > Subject: RE: 1.0.1 compile on OS X 10.5 > > I believe I have run into this problem as well. I tracked my > problem down to a failure in the ccapi set_credentials call. I > reported this to apple, and they seem to acknowledge that they have > a bug in their ccapi implementation on 10.5. Since the Heimdal API > ccache implementation relies on the ccapi, this bug affects Heimdal. > > > > I have a test I created that demonstrates this problem on OSX > 10.5. The same test executes successfully on 10.4. 
I will attach > the test for anyone who might be interested, just run the attached > shell script to build the test. > > > > I also put together a patch that worked around this problem for > me. If your problem is the same as mine (as it appears to be) it > might solve your problem as well. > > > > Essentially the patch involves initializing the ccache by deleting > the entire ccache (if it existed previously) and recreating it, > instead of iterating the contents and removing them and then > calling the faulty set_principal function on the ccache. > > > > Presumably Apple will fix this issue eventually, but as it doesn't > affect their utilities they may be slow about it. > > > > -- > > John Bowers > > Software Engineer > > Quest Software > > 801-655-2522 > > > ________________________________________ > From: Måns Nilsson [mansaxel@kthnoc.net] > Sent: Sunday, November 25, 2007 4:21 AM > To: heimdal-discuss@sics.se > Subject: Re: 1.0.1 compile on OS X 10.5 > > --On fredag, fredag 9 nov 2007 09.39.47 +0100 Måns Nilsson > <mansaxel@kthnoc.net> wrote: > >> Hi, >> >> just reinstalled (fresh, no upgrade) my ppc macmini and am trying >> to get >> back my life. >> >> Heimdal gives me some trouble: > > With svn head checked out (version 22087), autoreconfigured and so > according to h5l.se, it builds (yay!) but I get: > > bash-3.2# kauth --version > kauth (Heimdal 1.0.99) > Copyright 1995-2007 Kungliga Tekniska Högskolan > Send bug-reports to heimdal-bugs@h5l.se > bash-3.2# kauth mansaxel > mansaxel@KTHNOC.NET's Password: > kauth: krb5_cc_initialize: Internal file credentials cache error > bash-3.2# > > But, once I buy a ticket with Apple-supplied MIT kinit, I can use > it with > heimdal apps, like telnet. > > More info on request. > -- > Måns Nilsson Systems Specialist > +46 70 681 7204 cell KTHNOC > +46 8 790 6518 office MN1334-RIPE > > I Know A Joke
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <CredentialsCache.h>
/*
 * Signature of the library entry point that main() looks up at run time with
 * dlsym(cc_handle, "cc_initialize"): it receives a pointer to the context
 * handle to fill in, two cc_int32-typed arguments and a string out-pointer.
 */
typedef cc_int32 (*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **);
/*
 * NOTE(review): nothing in this file refers to this struct tag or to `func`.
 * main() reaches the function table as `->functions` through the cc_context_t
 * handle type, which presumably comes from <CredentialsCache.h>. Looks like a
 * leftover; confirm before removing.
 */
struct cc_context_t {
const struct cc_context_functions* func;
};
/*
 * The CCAPI handles the test works with, kept together in one heap object.
 * The e-mail above says Heimdal's API ccache sits on top of the CCAPI; the
 * layout presumably mirrors Heimdal's own structure (confirm against Heimdal).
 */
typedef struct krb5_acc {
char *cache_name; /* not read or written anywhere in this file */
cc_context_t context; /* CCAPI context, passed by address to cc_initialize */
cc_ccache_t ccache; /* default ccache, set by open_default_ccache / create_default_ccache */
} krb5_acc;
/*
 * Casts X->data.data to a krb5_acc pointer. Not used in this file; presumably
 * carried over from the code this test was cut down from (confirm).
 */
#define ACACHE(X) ((krb5_acc *)(X)->data.data)
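/*
 * Print a CCAPI failure to stderr and return the test's failure status.
 *
 * error        - CCAPI status code; printed only when error_string is NULL
 *                and the code is not ccNoError.
 * error_string - preformatted message, or NULL.
 *
 * Always returns -1. A trailing newline is written in every case, even when
 * there is nothing else to print.
 */
static int
translate_cc_error( cc_int32 error, char* error_string )
{
    if( error_string )
    {
        /*
         * The message is data, not a format. Callers build it with asprintf()
         * and one of them embeds a principal name, so a '%' inside it must
         * never be interpreted as a conversion specification.
         */
        fputs( error_string, stderr );
    }
    else if( error != ccNoError )
    {
        fprintf( stderr, "Unknown CCAPI error %d", (int)error );
    }
    fputc( '\n', stderr );
    return -1;
}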
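/*
 * Shared failure exit for main(): print the message, then give back what the
 * test itself acquired.
 *
 * Takes ownership of error_string. It may be NULL (for example when asprintf()
 * failed), in which case translate_cc_error() prints the numeric code instead.
 * cc_handle and a may be NULL. Any CCAPI object the caller still holds must be
 * released before calling this, because the library is unloaded here.
 *
 * Returns the status main() should exit with.
 */
static int
fail_and_cleanup( cc_int32 error, char* error_string, void* cc_handle, krb5_acc* a )
{
    int ret = translate_cc_error( error, error_string );

    free( error_string );
    if( cc_handle )
    {
        dlclose( cc_handle );
    }
    free( a );
    return ret;
}

/*
 * Reproducer for the CCAPI failure described in the e-mail thread above: it
 * opens (or creates) the default API ccache, removes every credential the
 * iterator returns, and then calls set_principal on the emptied cache.
 *
 * The test works on whatever default ccache the CCAPI hands back, which on a
 * normal login session is presumably the user's live cache. Every credential
 * in it is removed and its principal is set to the hard-coded test name, so
 * run it only where the existing tickets are disposable.
 *
 * Returns 0 and prints "Success!" when every step succeeds, -1 otherwise.
 */
int main( int argc, char* argv[])
{
    void* cc_handle = NULL;
    cc_initialize_func init_func;
    krb5_acc* a = NULL;
    cc_int32 error = 0;
    cc_credentials_iterator_t iter;
    char* error_string = NULL;
    char* name = "bob@EXAMPLE.COM";

    (void)argc;
    (void)argv;

    a = calloc( 1, sizeof *a );
    if( a == NULL )
    {
        fprintf( stderr, "Failed to allocate ccache state\n" );
        return -1;
    }

    /* POSIX requires RTLD_LAZY or RTLD_NOW in the mode argument. */
    cc_handle = dlopen( "/System/Library/Frameworks/Kerberos.framework/Kerberos", RTLD_LAZY );
    if( cc_handle == NULL )
    {
        /* Stop here: dlsym() on a NULL handle would not yield a usable pointer. */
        fprintf( stderr, "Failed to dlopen kerberos library\n" );
        free( a );
        return -1;
    }

    init_func = (cc_initialize_func)dlsym( cc_handle, "cc_initialize" );
    if( init_func == NULL )
    {
        fprintf( stderr, "Failed to find cc_initialize in kerberos library\n" );
        dlclose( cc_handle );
        free( a );
        return -1;
    }

    /* a->context is dereferenced right below, so a failed initialize must stop the test. */
    error = (*init_func)( &a->context, ccapi_version_3, NULL, NULL );
    if( error )
    {
        if( asprintf( &error_string,
                      "api ccache: cc_initialize failed with %d", error ) < 0 )
        {
            error_string = NULL;
        }
        return fail_and_cleanup( error, error_string, cc_handle, a );
    }

    error = (*a->context->functions->open_default_ccache)( a->context, &a->ccache );
    if( error == ccErrCCacheNotFound )
    {
        /* No default cache yet: create one owned by the test principal. */
        error = (*a->context->functions->create_default_ccache)( a->context,
                                                                 cc_credentials_v5,
                                                                 name,
                                                                 &a->ccache );
        if( error )
        {
            if( asprintf( &error_string,
                          "api ccache: create default ccache failed with %d", error ) < 0 )
            {
                error_string = NULL;
            }
            return fail_and_cleanup( error, error_string, cc_handle, a );
        }
    }
    else if( error )
    {
        if( asprintf( &error_string,
                      "api ccache: open default ccache failed with %d", error ) < 0 )
        {
            error_string = NULL;
        }
        return fail_and_cleanup( error, error_string, cc_handle, a );
    }

    error = (*a->ccache->functions->new_credentials_iterator)( a->ccache, &iter );
    if( error )
    {
        if( asprintf( &error_string,
                      "api ccache: new_credentials_iterator failed with %d", error ) < 0 )
        {
            error_string = NULL;
        }
        return fail_and_cleanup( error, error_string, cc_handle, a );
    }

    /* Empty the cache one credential at a time. */
    for( ;; )
    {
        cc_credentials_t ccred;

        error = (*iter->functions->next)( iter, &ccred );
        if( error == ccIteratorEnd )
        {
            break;
        }
        if( error )
        {
            if( asprintf( &error_string,
                          "api ccache: iterator_next returned an unexpected error (%d)",
                          error ) < 0 )
            {
                error_string = NULL;
            }
            /* Best effort: release the iterator while the library is still loaded. */
            (void)(*iter->functions->release)( iter );
            return fail_and_cleanup( error, error_string, cc_handle, a );
        }

        error = (*a->ccache->functions->remove_credentials)( a->ccache, ccred );
        if( error != ccNoError )
        {
            if( asprintf( &error_string,
                          "api ccache: remove_credentials failed with unexpected error (%d)",
                          error ) < 0 )
            {
                error_string = NULL;
            }
            (void)(*ccred->functions->release)( ccred );
            (void)(*iter->functions->release)( iter );
            return fail_and_cleanup( error, error_string, cc_handle, a );
        }

        error = (*ccred->functions->release)( ccred );
        if( error != ccNoError )
        {
            if( asprintf( &error_string,
                          "api ccache: unexpected error releasing creds (%d)",
                          error ) < 0 )
            {
                error_string = NULL;
            }
            (void)(*iter->functions->release)( iter );
            return fail_and_cleanup( error, error_string, cc_handle, a );
        }
    }

    error = (*iter->functions->release)( iter );
    if( error != ccNoError )
    {
        if( asprintf( &error_string,
                      "api ccache: unexpected error releasing iterator (%d)",
                      error ) < 0 )
        {
            error_string = NULL;
        }
        return fail_and_cleanup( error, error_string, cc_handle, a );
    }

    /* The call the e-mail thread reports as failing on OS X 10.5. */
    error = (*a->ccache->functions->set_principal)( a->ccache,
                                                    cc_credentials_v5,
                                                    name );
    if( error )
    {
        if( asprintf( &error_string,
                      "api ccache: set principal for %s failed with error %d",
                      name,
                      error ) < 0 )
        {
            error_string = NULL;
        }
        return fail_and_cleanup( error, error_string, cc_handle, a );
    }

    fprintf( stderr, "Success!\n" );
    dlclose( cc_handle );
    free( a );
    return 0;
}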
macos_10.5_set_principal.patch