[1098] in Kerberos-V5-bugs


Xlib: krb5_kdc_default_options support breaks SunOS shared libraries

daemon@ATHENA.MIT.EDU (Jonathan Stone)
Wed Feb 22 07:00:39 1995

Date: Wed, 22 Feb 1995 04:00:20 -0800
From: Jonathan Stone <jonathan@Gregorio.Stanford.EDU>
To: xbugs@x.org
Cc: krb5-bugs@MIT.EDU




     VERSION:

R6, public-patch-11

     CLIENT MACHINE and OPERATING SYSTEM:

Sparc/SunOS 4.1.2, SunOS 4.1.3_u1

     DISPLAY TYPE:

Not applicable (cg3, cg6, bwtwo, ...)

     WINDOW MANAGER:

Not applicable

     COMPILER:

gcc 2.6.3

     AREA:

lib/X11/ConnDis.c

     SYNOPSIS:

When K5AUTH is selected, ConnDis.c contains a reference to
the krb5 external variable krb5_kdc_default_options, which
breaks SunOS-style shared libraries.

     DESCRIPTION:

Suppose one has recently compiled libX11 on SunOS 4.1.x,
with K5AUTH defined.  And one then installs the resulting
libX11.so.4.20.  That shared library contains an unresolved
reference to it.  All clients that were *NOT* also statically
linked against the krb5 libraries will have an unresolved symbol
at dynamic-link time, and so will fail.


     REPEAT BY:

Obtain krb5pl4beta3 and install it. Configure 
Build X11R6 pl4, 7, or 11 on a Sun running SunOS 4.1.3 with
K5AUTH enabled appropriately for wherever the krb5 libraries and
include files are.  (Some other areas fail to build but
that's another bug report).  Install the new libX11.

Try _any_ existing client that was not statically linked against
the krb5 libraries. Old, existing X11R6 clients are good,
as are clients linked against X11R5, as shipped by third parties.

     SAMPLE FIX:

The following is purely a sample fix illustrating the problem
and a simplistic workaround.  Perhaps SunOS libc.so files
could work around this too.

An alternative, more elegant fix would be to add a function to
the kerberos libraries that returns the current value of -- or even
a pointer to -- krb5_kdc_default_options.
That would, however, require some co-ordination with the MIT persons
responsible for krb5.  (Thanks to kjd@dsg.stanford.edu for suggesting
the function interface.)

--Jonathan Stone
  Stanford DSG


*** /tmp/RCSAa01850	Wed Feb 22 03:57:31 1995
--- ConnDis.c	Wed Feb 22 03:55:37 1995
***************
*** 1,4 ****
! /* $XConsortium: ConnDis.c,v 11.123 94/05/19 11:00:27 mor Exp $ */
  /*
   
  Copyright (c) 1989  X Consortium
--- 1,4 ----
! /* $XConsortium: ConnDis.c,v 11.123 94/05/19 11:00:27 mor DSG-hack $ */
  /*
   
  Copyright (c) 1989  X Consortium
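
Review bot: The first hunk edits the upstream ident string in place, replacing the state field "Exp" with "DSG-hack" on the $XConsortium$ line, so the file no longer carries the unmodified identifier for revision 11.123 and the hunk will conflict whenever upstream changes that line. Leave the $XConsortium$ line untouched and record the local modification in a separate comment line below it.
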
***************
*** 658,663 ****
--- 658,676 ----
  #ifdef K5AUTH
  #include <com_err.h>
  
+ #ifndef X_CONSORTIUM_BUG
+ /*
+  * If we reference |krb5_kdc_default_options| and we get
+  * dynamically linked into a client that didn't STATICALLY
+  * link in libkrb5.a, that client loses.  To avoid that bug,
+  * inline our own default options and use that.
+  * Initialize to the same value  as libkrb5 initializes
+  * its krb5_kdc_default_options, and pray.
+  */
+ 
+ krb5_flags xlib_kdc_default_options =  KDC_OPT_RENEWABLE_OK;
+ #define krb5_kdc_default_options xlib_kdc_default_options
+ #endif
  extern krb5_flags krb5_kdc_default_options;
  
  /*
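
Review bot: The new `#define krb5_kdc_default_options xlib_kdc_default_options` sits above the unchanged `extern krb5_flags krb5_kdc_default_options;`, so when X_CONSORTIUM_BUG is not defined the preprocessor rewrites that extern into a redundant redeclaration of xlib_kdc_default_options instead of dropping it. Move the extern into an #else branch so each configuration declares exactly one of the two variables. xlib_kdc_default_options is also defined with external linkage, which adds a new global symbol to libX11; declaring it static would keep it private to ConnDis.c. The copy is fixed at KDC_OPT_RENEWABLE_OK, so a client that changes krb5_kdc_default_options in libkrb5 no longer affects the value ConnDis.c sees; the comment should state that consequence plainly rather than "and pray", and should say what X_CONSORTIUM_BUG means when it is defined.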
