From owner-freebsd-current@FreeBSD.ORG Mon Dec 31 03:03:57 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B14353D7 for ; Mon, 31 Dec 2012 03:03:57 +0000 (UTC) (envelope-from yanegomi@gmail.com) Received: from mail-oa0-f49.google.com (mail-oa0-f49.google.com [209.85.219.49]) by mx1.freebsd.org (Postfix) with ESMTP id 6C4698FC14 for ; Mon, 31 Dec 2012 03:03:57 +0000 (UTC) Received: by mail-oa0-f49.google.com with SMTP id l10so11189310oag.8 for ; Sun, 30 Dec 2012 19:03:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tf2d572StxaJR/FGurAdK2uPGbZArpfhnSEVchs047E=; b=qQXAQC9/l4pVsGOy9FKM0DX4nmYbhH26Q/2dQ0YvMcwGsVP3AIGq3ZohC8By4S/2Z/ uOn6gF3S7P6+61+8GFlBwY4WFnDWE+YoxpSYx5p9bV/eCBj8MxvcUkIxz6za15sTfKnm 1JPSPjfXsW0KqxhMmH04QU/Xwm/JomaKkgWpra5pWesdsr4oB5y/WgB+VVjXES60/D2E Ob9DMrFRoc/v0UmdX8mwVogU5NVQ505rFWT3rwGzzHOgagzK5DbyMMhxmaSsSVQ+aFJJ w+YygVRWF7x+RVtxrCyJF1PF66hif7Ip3uBUZWuO/BvSItgXlzCTqNZx5+N1cVDefpnP O5RQ== MIME-Version: 1.0 Received: by 10.182.95.205 with SMTP id dm13mr33515759obb.9.1356923029967; Sun, 30 Dec 2012 19:03:49 -0800 (PST) Received: by 10.76.143.33 with HTTP; Sun, 30 Dec 2012 19:03:49 -0800 (PST) In-Reply-To: <87170730.1602744.1356914967581.JavaMail.root@erie.cs.uoguelph.ca> References: <87170730.1602744.1356914967581.JavaMail.root@erie.cs.uoguelph.ca> Date: Sun, 30 Dec 2012 19:03:49 -0800 Message-ID: Subject: Re: svn commit: r244604 - head/usr.sbin/gssd From: Garrett Cooper To: Rick Macklem Content-Type: text/plain; charset=ISO-8859-1 Cc: bf1783@gmail.com, freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Dec 2012 03:03:57 -0000 On Sun, Dec 30, 2012 at 4:49 PM, Rick Macklem wrote: > bf1783 wrote: >> >Author: rmacklem >> >Date: Sat Dec 22 23:21:17 2012 >> >New Revision: 244604 >> >URL: http://svnweb.freebsd.org/changeset/base/244604 >> > >> >Log: >> > It was reported via email that some sshds create kerberos >> > credential cache files with names other than /tmp/krb5cc_. >> > The gssd daemon does not know how to find these credential caches. >> > This patch implements a new option "-s" that does a search for >> > credential cache files, using roughly the same algorithm as the >> > gssd daemon for Linux uses. The gssd behaviour is only changed >> > if the new "-s" option is specified. It also implements two other >> > new options related to the "-s" option. >> > >> > Reported by: Piete.Brooks at cl.cam.ac.uk, Herbert Poeckl >> > Tested by: Herbert Poeckl (admin at ist.tugraz.at), Illias A. >> > Marinos >> > MFC after: 2 weeks >> >> ... >> >> >+#include >> >> Rick: >> >> This breaks world built WITHOUT_KERBEROS and WITH_GSSAPI. >> >> Regards, >> b. > Could you please test the attached patch. > > Also, if someone who is familiar with the build/Makefile side > of things could review this, it would be appreciated. 1. I would name WITHOUT_KERBEROS to KERBEROS_SUPPORT in the sourcefile and CFLAGS to avoid potential confusion/noise with build logic. 2. This code should be revised per style(9): +#else + fprintf(stderr, "This option not available when built" + " without MK_KERBEROS\n"); + exit(1); In particular: errx(1, "This option requires Kerberos support"); Seems more succinct and addresses the actual item at hand. 3. This could be simplified as well potentially: +.if ${MK_KERBEROS} != "no" DPADD= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} LDADD= -lgssapi -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto +.else +CFLAGS+= -DWITHOUT_KERBEROS +DPADD= ${LIBGSSAPI} +LDADD= -lgssapi +.endif to this: DPADD= ${LIBGSSAPI} LDADD= -lgssapi .if ${MK_KERBEROS} != "no" CFLAGS+= -DKERBEROS_SUPPORT DPADD+= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} LDADD+= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto .endif Thanks! -Garrett