Date:      Mon, 31 Dec 2012 07:20:17 -0500 (EST)
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Garrett Cooper <yanegomi@gmail.com>
Cc:        bf1783@gmail.com, freebsd-current@freebsd.org
Subject:   Re: svn commit: r244604 - head/usr.sbin/gssd
Message-ID:  <419702074.1604361.1356956417866.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <44353525.1604353.1356956294487.JavaMail.root@erie.cs.uoguelph.ca>


Rick Macklem wrote:
> Rick Macklem wrote:
> > Garrett Cooper wrote:
> > > On Sun, Dec 30, 2012 at 4:49 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> > > > bf1783 wrote:
> > > >> >Author: rmacklem
> > > >> >Date: Sat Dec 22 23:21:17 2012
> > > >> >New Revision: 244604
> > > >> >URL: http://svnweb.freebsd.org/changeset/base/244604
> > > >> >
> > > >> >Log:
> > > >> >  It was reported via email that some sshds create kerberos
> > > >> >  credential cache files with names other than /tmp/krb5cc_<uid>.
> > > >> >  The gssd daemon does not know how to find these credential caches.
> > > >> >  This patch implements a new option "-s" that does a search for
> > > >> >  credential cache files, using roughly the same algorithm as the
> > > >> >  gssd daemon for Linux uses. The gssd behaviour is only changed
> > > >> >  if the new "-s" option is specified. It also implements two other
> > > >> >  new options related to the "-s" option.
> > > >> >
> > > >> >  Reported by: Piete.Brooks at cl.cam.ac.uk, Herbert Poeckl
> > > >> >  Tested by: Herbert Poeckl (admin at ist.tugraz.at), Illias A. Marinos
> > > >> >  MFC after: 2 weeks
> > > >>
> > > >> ...
> > > >>
> > > >> >+#include <krb5.h>
> > > >>
> > > >> Rick:
> > > >>
> > > >> This breaks world built WITHOUT_KERBEROS and WITH_GSSAPI.
> > > >>
> > > >> Regards,
> > > >> b.
> > > > Could you please test the attached patch.
> > > >
> > > > Also, if someone who is familiar with the build/Makefile side
> > > > of things could review this, it would be appreciated.
> > >
> > > 1. I would rename WITHOUT_KERBEROS to KERBEROS_SUPPORT in the source file
> > > and CFLAGS to avoid potential confusion/noise with build logic.
> > >
> > WITHOUT_KERBEROS is used other places, like telnetd. Were you aware of that?
> > (I just thought it would keep it consistent, but if you think it is better
> > to use a different name, I don't care.)
> >
> Oh, I see you were suggesting that the polarity be reversed. Well,
> although the #ifndef is a bit ugly, the utility is useless without
> Kerberos, so I think I'd rather stick with "enabled by default".
> 
> Also, there is KPROGS in head/kerberos5/Makefile, which is a list
> of programs that depend on kerberos. gssd isn't in the list, but
> maybe it should be? (And that list is used to "dekerberise" them
> by setting -DWITHOUT_KERBEROS.)
> 
> So, unless others feel strongly about it, I think I'd rather stick
> with using WITHOUT_KERBEROS.
> 
Oh, and I've attached the updated patch, rick

> rick
> 
> > > 2. This code should be revised per style(9):
> > >
> > > +#else
> > > + fprintf(stderr, "This option not available when built"
> > > + " without MK_KERBEROS\n");
> > > + exit(1);
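Review bot: The message in the #else branch names MK_KERBEROS, which is a build-system variable, so a user who passes the option at run time is not told which option was rejected or which program printed the line. Name the option in the text and keep the string on one line so it can be searched for; errx(1, ...) prefixes the program name and replaces the fprintf()/exit() pair with one call.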
> > >
> > > In particular:
> > >
> > > errx(1, "This option requires Kerberos support");
> > >
> > > Seems more succinct and addresses the actual item at hand.
> > >
> > Yea, I'll switch it to errx(). I just cribbed the code further
> > down, that used fprintf().
> >
> > > 3. This could be simplified as well potentially:
> > >
> > > +.if ${MK_KERBEROS} != "no"
> > > DPADD= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN}
> > > ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
> > > LDADD= -lgssapi -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt
> > > -lcrypto
> > > +.else
> > > +CFLAGS+= -DWITHOUT_KERBEROS
> > > +DPADD= ${LIBGSSAPI}
> > > +LDADD= -lgssapi
> > > +.endif
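Review bot: In the .else branch DPADD and LDADD are assigned a second time, so ${LIBGSSAPI} and -lgssapi appear in both branches and the two lists have to be kept in sync by hand. Assign the common pair once above the .if and append the Kerberos libraries with += inside it. CFLAGS also gains -DWITHOUT_KERBEROS only in the .else branch, so the source has to treat the macro being undefined as "Kerberos enabled"; a one-line comment in the Makefile stating that would help the next reader.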
> > >
> > > to this:
> > >
> > > DPADD= ${LIBGSSAPI}
> > > LDADD= -lgssapi
> > > .if ${MK_KERBEROS} != "no"
> > > CFLAGS+= -DKERBEROS_SUPPORT
> > > DPADD+= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
> > > LDADD+= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto
> > > .endif
> > >
> > Yea, I can do this change too. I think the latter is more readable.
> >
> > Thanks, rick
> >
> > > Thanks!
> > > -Garrett
> > > _______________________________________________
> > > freebsd-current@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-current
> > > To unsubscribe, send any mail to
> > > "freebsd-current-unsubscribe@freebsd.org"

[Attachment: gssd-build.patch (text/x-patch)]


