Date: Thu, 2 Jun 2022 19:46:04 +0200 From: Matthias Andree <mandree@FreeBSD.org> To: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Looking for GSSAPI expertise, particularly GSSAPI_HEIMDAL porting of newer security/PuTTY 0.77 Message-ID: <cfbf7b11-e895-7ac9-714b-e496536e5671@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Greetings,
I am the maintainer of the security/putty and putty-nogtk ports, and the
upstream maintainer recently (between 0.76 and 0.77) switched build
system from autoconf to cmake, and now we're a bit trying to fix up the
broken bits and pieces (aka fallout) that caused me to disable
GSSAPI_BASE and GSSAPI_HEIMDAL for now.
Specifically, is there someone who has some time at hands to point me to
good GSSAPI practical coding guides, or has even more time so we can go
over particular issues hands-on, with IRC or some other chat software?
Issues I am currently facing:
1. GSSAPI_BASE - we have an upstream patch that might make things work,
but executables only end up with libgssapi.so in addition to other libs,
but no gssapi_krb5, roken, crypto, ... (in stark contrast to what I am
getting with the security/krb5 port based build with GSSAPI_MIT).
2. test system where I can obtain a Kerberos ticket with kinit and log
in to an unprivileged SSH account and possibly test GSSAPI credential
delegation.
3. GSSAPI_HEIMDAL - apparently we now get clashes between
application-local headers and Heimdal library headers:
> FAILED: ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o /usr/local/libexec/ccache/cc -DHAVE_CMAKE_H -I/usr/ports/security/putty/work/putty-0.77/charset -I/usr/local/include/gtk-3.0 -I/usr/local/include/pango-1.0 -I/usr/local/include -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/harfbuzz -I/usr/local/include/freetype2 -I/usr/local/include/libpng16 -I/usr/local/include/fribidi -I/usr/local/include/cairo -I/usr/local/include/pixman-1 -I/usr/local/include/gdk-pixbuf-2.0 -I/usr/local/include/gio-unix-2.0 -I/usr/local/include/libepoll-shim -I/usr/local/include/atk-1.0 -I/usr/local/include/at-spi2-atk/2.0 -I/usr/local/include/dbus-1.0 -I/usr/local/lib/dbus-1.0/include -I/usr/local/include/at-spi-2.0 -I/usr/local/include/heimdal -I/usr/ports/security/putty/work/putty-0.77 -I/usr/ports/security/putty/work/.build/CMakeFiles -I/usr/ports/security/putty/work/putty-0.77/unix -I/usr/ports/security/putty/work/putty-0.77/terminal -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -I/usr/local/include/heimdal -MD -MT ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o -MF ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o.d -o ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o -c /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: error: expected identifier or '('
> const_gss_OID GSS_C_NT_USER_NAME = oids+0;
> ^
> /usr/local/include/heimdal/gssapi/gssapi.h:291:29: note: expanded from macro 'GSS_C_NT_USER_NAME'
> #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
> ^
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: error: expected ')'
> /usr/local/include/heimdal/gssapi/gssapi.h:291:29: note: expanded from macro 'GSS_C_NT_USER_NAME'
> #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
> ^
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: note: to match this '('
> /usr/local/include/heimdal/gssapi/gssapi.h:291:28: note: expanded from macro 'GSS_C_NT_USER_NAME'
> #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
> ^
> /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:91:15: error: expected identifier or '('
> const_gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1;
> ^
TIA.
Regards,
Matthias
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cfbf7b11-e895-7ac9-714b-e496536e5671>