- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]

   Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@

diff --git a/ChangeLog b/ChangeLog
index c5ef7de6846fe432e7644b1e5c77cd0f9926e406..205fa0e4cd6ce9652dfff046c73419a34c9629f9 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20040105
  - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails.  Patch from
    cjwatson at debian.org.
+ - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
+   Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
 
 20040102
  - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from

diff --git a/acconfig.h b/acconfig.h
index 60aa368c0a42f90d7f00297544ce5b1e5698fde4..a10e1333733979766fc769b93998f88814054bfc 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -256,6 +256,9 @@
 /* Define this if you are using the Heimdal version of Kerberos V5 */
 #undef HEIMDAL
 
+/* Define this if you want to use Heimdal's AFS support */
+#undef AFS
+
 /* Define if you want S/Key support */
 #undef SKEY
 

diff --git a/configure.ac b/configure.ac
index f885dc911ce4422836f4772dd3e4065f92a899fa..3d43a85461df0cacbc71fc52987a039f29c46190 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2037,6 +2037,11 @@ AC_ARG_WITH(kerberos5,
                                       [ AC_MSG_RESULT(yes)
                                         AC_DEFINE(HEIMDAL)
                                         K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+                                        AC_SEARCH_LIBS(k_hasafs, kafs,
+                                               [ AC_DEFINE(AFS)
+                                                 K5LIBS="-lkafs $K5LIBS"
+                                               ]
+                                        )
                                       ],
                                       [ AC_MSG_RESULT(no)
                                         K5LIBS="-lkrb5 -lk5crypto -lcom_err"

diff --git a/includes.h b/includes.h
index ac9a950e07059eac0e902e8a05f7c648fcaca4f6..02364bbd758a502c22be986ae5757307af34e54b 100644 (file)
--- a/includes.h
+++ b/includes.h
@@ -169,6 +169,11 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 # include <libutil.h> /* Openpty on FreeBSD at least */
 #endif
 
+#if defined(HEIMDAL) && defined(AFS)
+# include <krb5.h>
+# include <kafs.h>
+#endif
+
 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
 
 #include "defines.h"

diff --git a/servconf.c b/servconf.c
index b832c75b3c85b06be03a8ff7f3f20c4d4d599d45..04a10fadf3023fdafa1f1a56c44b655c1754ab6e 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -305,7 +305,11 @@ static struct {
        { "kerberosauthentication", sKerberosAuthentication },
        { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
        { "kerberosticketcleanup", sKerberosTicketCleanup },
+#ifdef AFS
        { "kerberosgetafstoken", sKerberosGetAFSToken },
+#else
+       { "kerberosgetafstoken", sUnsupported },
+#endif
 #else
        { "kerberosauthentication", sUnsupported },
        { "kerberosorlocalpasswd", sUnsupported },

diff --git a/session.c b/session.c
index 03a5ec5704c18ea76fb53f550ce76a564f5bd03d..cf6722c3476d0f47d4ce3e785bf7a496cc5d5263 100644 (file)
--- a/session.c
+++ b/session.c
@@ -1415,7 +1415,7 @@ do_child(Session *s, const char *command)
         */
        environ = env;
 
-#ifdef KRB5
+#if defined(HEIMDAL) && defined(AFS)
        /*
         * At this point, we check to see if AFS is active and if we have
         * a valid Kerberos 5 TGT. If so, it seems like a good idea to see