- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]

Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@

ChangeLog

@@ -1,6 +1,8 @@
 20040105
  - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails.  Patch from
    cjwatson at debian.org.
+ - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
+   Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
 
 20040102
  - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
@@ -1648,4 +1650,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3162 2004/01/04 21:16:34 dtucker Exp $
+$Id: ChangeLog,v 1.3163 2004/01/05 11:36:51 dtucker Exp $

acconfig.h

@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.170 2004/01/02 07:02:44 djm Exp $ */
+/* $Id: acconfig.h,v 1.171 2004/01/05 11:36:52 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -256,6 +256,9 @@
 /* Define this if you are using the Heimdal version of Kerberos V5 */
 #undef HEIMDAL
 
+/* Define this if you want to use Heimdal's AFS support */
+#undef AFS
+
 /* Define if you want S/Key support */
 #undef SKEY
 

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.182 2004/01/02 07:01:31 djm Exp $
+# $Id: configure.ac,v 1.183 2004/01/05 11:36:52 dtucker Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -2037,6 +2037,11 @@ AC_ARG_WITH(kerberos5,
 				       [ AC_MSG_RESULT(yes)
 					 AC_DEFINE(HEIMDAL)
 					 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+					 AC_SEARCH_LIBS(k_hasafs, kafs,
+						[ AC_DEFINE(AFS)
+						  K5LIBS="-lkafs $K5LIBS"
+						]
+					 )
 				       ],
 				       [ AC_MSG_RESULT(no)
 					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"

includes.h

@@ -169,6 +169,11 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 # include <libutil.h> /* Openpty on FreeBSD at least */
 #endif
 
+#if defined(HEIMDAL) && defined(AFS)
+# include <krb5.h>
+# include <kafs.h>
+#endif
+
 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
 
 #include "defines.h"

servconf.c

@@ -305,7 +305,11 @@ static struct {
 	{ "kerberosauthentication", sKerberosAuthentication },
 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
+#ifdef AFS
 	{ "kerberosgetafstoken", sKerberosGetAFSToken },
+#else
+	{ "kerberosgetafstoken", sUnsupported },
+#endif
 #else
 	{ "kerberosauthentication", sUnsupported },
 	{ "kerberosorlocalpasswd", sUnsupported },

session.c

@@ -1415,7 +1415,7 @@ do_child(Session *s, const char *command)
 	 */
 	environ = env;
 
-#ifdef KRB5
+#if defined(HEIMDAL) && defined(AFS)
 	/*
 	 * At this point, we check to see if AFS is active and if we have
 	 * a valid Kerberos 5 TGT. If so, it seems like a good idea to see