Subject: bin/19762: cvs with gssapi auth does not work
To: None <gnats-bugs@gnats.netbsd.org>
From: None <urban@boquist.net>
List: netbsd-bugs
Date: 01/09/2003 22:24:45
>Number:         19762
>Category:       bin
>Synopsis:       cvs gssapi auth broke when in-tree cvs was recently updated
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 09 13:25:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Urban Boquist
>Release:        NetBSD 1.6K
>Organization:
Carlstedt Research & Technology AB, Sweden
>Environment:
System: NetBSD iller 1.6K NetBSD 1.6K (ILLER-$Revision: 1.54 $) #0: Sun Dec 22 23:18:28 CET 2002 root@iller:/usr/src/sys/arch/i386/compile/ILLER i386
Architecture: i386
Machine: i386
>Description:
	Since cvs 1.11.2 was imported into -current, cvs with gssapi
	authentication has not worked for me. The problem seems to be
	a small merge mistake, the hostname of the current host is
	used in one place instead of the hostname of the (remote) cvs server
	specified in the cvs root. This is happening in code that is
	part of the "local NetBSD changes" to cvs, namely the IPv6
	fixes that replaces a "struct hostent" that is passed around with the
	hostname as a simple string.
>How-To-Repeat:
	Use cvs with a ":gserver:..." root, and watch something like this:
cvs status: GSSAPI authentication failed:  Miscellaneous failure (see text)
cvs [status aborted]: GSSAPI authentication failed: No such entry in the databas

>Fix:
	The least invasive fix would be this:

Index: client.c
===================================================================
RCS file: /anoncvs/src/gnu/dist/cvs/src/client.c,v
retrieving revision 1.9
diff -u -r1.9 client.c
--- client.c	2002/11/28 22:04:46	1.9
+++ client.c	2003/01/09 21:05:05
@@ -3915,7 +3915,7 @@
 
     make_bufs_from_fds (sock, sock, 0, &to_server, &from_server, 1);
 
-    auth_server (root, to_server, from_server, verify_only, do_gssapi, hostname);
+    auth_server (root, to_server, from_server, verify_only, do_gssapi, root->hostname);
 
     if (verify_only)
     {


... and little prettier fix would be this (no need to pass both root
and root->hostname in the call):

Index: client.c
===================================================================
RCS file: /anoncvs/src/gnu/dist/cvs/src/client.c,v
retrieving revision 1.9
diff -u -r1.9 client.c
--- client.c	2002/11/28 22:04:46	1.9
+++ client.c	2003/01/09 21:03:01
@@ -135,7 +135,7 @@
 static size_t try_read_from_server PROTO ((char *, size_t));
 
 static void auth_server PROTO ((cvsroot_t *, struct buffer *, struct buffer *,
-				int, int, char *));
+				int, int));
 
 /* We need to keep track of the list of directories we've sent to the
    server.  This list, along with the current CVSROOT, will help us
@@ -3915,7 +3915,7 @@
 
     make_bufs_from_fds (sock, sock, 0, &to_server, &from_server, 1);
 
-    auth_server (root, to_server, from_server, verify_only, do_gssapi, hostname);
+    auth_server (root, to_server, from_server, verify_only, do_gssapi);
 
     if (verify_only)
     {
@@ -3947,13 +3947,12 @@
 
 
 static void
-auth_server (root, lto_server, lfrom_server, verify_only, do_gssapi, hostname)
+auth_server (root, lto_server, lfrom_server, verify_only, do_gssapi)
     cvsroot_t *root;
     struct buffer *lto_server;
     struct buffer *lfrom_server;
     int verify_only;
     int do_gssapi;
-    char *hostname;
 {
     char *username;			/* the username we use to connect */
     char no_passwd = 0;			/* gets set if no password found */
@@ -3983,7 +3982,7 @@
 	    error (1, 0, "gserver currently only enabled for socket connections");
 	}
 
-	if (! connect_to_gserver (root, fd, hostname))
+	if (! connect_to_gserver (root, fd, root->hostname))
 	{
 	    error (1, 0,
 		    "authorization failed: server %s rejected access to %s",
>Release-Note:
>Audit-Trail:
>Unformatted: