Date: Mon, 31 Dec 2012 07:20:17 -0500 (EST)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: bf1783@gmail.com, freebsd-current@freebsd.org
Subject: Re: svn commit: r244604 - head/usr.sbin/gssd
Message-ID: <419702074.1604361.1356956417866.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <44353525.1604353.1356956294487.JavaMail.root@erie.cs.uoguelph.ca>

Rick Macklem wrote:
> Rick Macklem wrote:
> > Garrett Cooper wrote:
> > > On Sun, Dec 30, 2012 at 4:49 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> > > > bf1783 wrote:
> > > >> >Author: rmacklem
> > > >> >Date: Sat Dec 22 23:21:17 2012
> > > >> >New Revision: 244604
> > > >> >URL: http://svnweb.freebsd.org/changeset/base/244604
> > > >> >
> > > >> >Log:
> > > >> > It was reported via email that some sshds create kerberos
> > > >> > credential cache files with names other than /tmp/krb5cc_<uid>.
> > > >> > The gssd daemon does not know how to find these credential caches.
> > > >> > This patch implements a new option "-s" that does a search for
> > > >> > credential cache files, using roughly the same algorithm as the
> > > >> > gssd daemon for Linux uses. The gssd behaviour is only changed
> > > >> > if the new "-s" option is specified. It also implements two other
> > > >> > new options related to the "-s" option.
> > > >> >
> > > >> > Reported by: Piete.Brooks at cl.cam.ac.uk, Herbert Poeckl
> > > >> > Tested by: Herbert Poeckl (admin at ist.tugraz.at), Illias A. Marinos
> > > >> > MFC after: 2 weeks
> > > >>
> > > >> ...
> > > >>
> > > >> >+#include <krb5.h>
> > > >>
> > > >> Rick:
> > > >>
> > > >> This breaks world built WITHOUT_KERBEROS and WITH_GSSAPI.
> > > >>
> > > >> Regards,
> > > >> b.
> > > > Could you please test the attached patch.
> > > >
> > > > Also, if someone who is familiar with the build/Makefile side
> > > > of things could review this, it would be appreciated.
> > >
> > > 1. I would name WITHOUT_KERBEROS to KERBEROS_SUPPORT in the sourcefile
> > > and CFLAGS to avoid potential confusion/noise with build logic.
> > >
> > WITHOUT_KERBEROS is used other places, like telnetd. Were you aware of
> > that?
> > (I just thought it would keep it consistent, but if you think it is better
> > to use a different name, I don't care.)
> >
> Oh, I see you were suggesting that the polarity be reversed. Well,
> although the #ifndef is a bit ugly, the utility is useless without
> Kerberos, so I think I'd rather stick with "enabled by default".
>
> Also, there is KPROGS in head/kerberos5/Makefile, which is a list
> of programs that depend on kerberos. gssd isn't in the list, but
> maybe it should be? (And that list is used to "dekerberise" them
> by setting -DWITHOUT_KERBEROS.)
>
> So, unless others feel strongly about it, I think I'd rather stick
> with using WITHOUT_KERBEROS.
>
Oh, and I've attached the updated patch, rick

> rick
>
> > > 2. This code should be revised per style(9):
> > >
> > > +#else
> > > + fprintf(stderr, "This option not available when built"
> > > + " without MK_KERBEROS\n");
> > > + exit(1);
> > >
> > > In particular:
> > >
> > > errx(1, "This option requires Kerberos support");
> > >
> > > Seems more succinct and addresses the actual item at hand.
> > >
> > Yea, I'll switch it to errx(). I just cribbed the code further
> > down, that used fprintf().
> >
> > > 3. This could be simplified as well potentially:
> > >
> > > +.if ${MK_KERBEROS} != "no"
> > > DPADD= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN}
> > > ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
> > > LDADD= -lgssapi -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt
> > > -lcrypto
> > > +.else
> > > +CFLAGS+= -DWITHOUT_KERBEROS
> > > +DPADD= ${LIBGSSAPI}
> > > +LDADD= -lgssapi
> > > +.endif
> > >
> > > to this:
> > >
> > > DPADD= ${LIBGSSAPI}
> > > LDADD= -lgssapi
> > > .if ${MK_KERBEROS} != "no"
> > > CFLAGS+= -DKERBEROS_SUPPORT
> > > DPADD+= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN}
> > > ${LIBCOM_ERR}
> > > ${LIBCRYPT} ${LIBCRYPTO}
> > > LDADD+= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto
> > > .endif
> > >
> > Yea, I can do this change too. I think the latter is more readable.
> >
> > Thanks, rick
> >
> > > Thanks!
> > > -Garrett
> > > _______________________________________________
> > > freebsd-current@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-current
> > > To unsubscribe, send any mail to
> > > "freebsd-current-unsubscribe@freebsd.org"

[Attachment: gssd-build.patch (text/x-patch)]
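
Review bot: In the quoted "+#else" hunk, the fprintf() string ends in "\n" and tells the user about MK_KERBEROS, which is a build-time knob and means nothing to someone running the binary. When this is converted to errx() as agreed above, drop the trailing "\n" (errx() appends its own newline) and word the message around the option being rejected, as in the suggested errx(1, "This option requires Kerberos support"). The separate exit(1) then goes away because errx() does not return.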
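
Review bot: The ".if ${MK_KERBEROS} != "no"" test in the quoted Makefile hunk needs MK_KERBEROS to be defined at the point where make parses it, and the quoted lines show no ".include <bsd.own.mk>" ahead of the conditional; please confirm the Makefile pulls that in first. In the ".else" branch LDADD shrinks to -lgssapi only, so every krb5 reference in the source has to sit under the matching "#ifndef WITHOUT_KERBEROS" guard, not just the "#include <krb5.h>" reported in this thread, or the Kerberos-less build will fail at link time instead of at compile time.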