bf1783 wrote: > >Author: rmacklem > >Date: Sat Dec 22 23:21:17 2012 > >New Revision: 244604 > >URL: http://svnweb.freebsd.org/changeset/base/244604 > > > >Log: > > It was reported via email that some sshds create kerberos > > credential cache files with names other than /tmp/krb5cc_<uid>. > > The gssd daemon does not know how to find these credential caches. > > This patch implements a new option "-s" that does a search for > > credential cache files, using roughly the same algorithm as the > > gssd daemon for Linux uses. The gssd behaviour is only changed > > if the new "-s" option is specified. It also implements two other > > new options related to the "-s" option. > > > > Reported by: Piete.Brooks at cl.cam.ac.uk, Herbert Poeckl > > Tested by: Herbert Poeckl (admin at ist.tugraz.at), Illias A. > > Marinos > > MFC after: 2 weeks > > ... > > >+#include <krb5.h> > > Rick: > > This breaks world built WITHOUT_KERBEROS and WITH_GSSAPI. > > Regards, > b. Could you please test the attached patch.
Also, if someone who is familiar with the build/Makefile side of things could review this, it would be appreciated. Thanks, rick
--- usr.sbin/gssd/gssd.c.sav0 2012-12-30 19:04:19.000000000 -0500 +++ usr.sbin/gssd/gssd.c 2012-12-30 19:35:06.648603000 -0500 @@ -37,7 +37,9 @@ __FBSDID("$FreeBSD: head/usr.sbin/gssd/g #include <ctype.h> #include <dirent.h> #include <err.h> +#ifndef WITHOUT_KERBEROS #include <krb5.h> +#endif #include <pwd.h> #include <stdio.h> #include <stdlib.h> @@ -102,12 +104,18 @@ main(int argc, char **argv) debug_level++; break; case 's': +#ifndef WITHOUT_KERBEROS /* * Set the directory search list. This enables use of * find_ccache_file() to search the directories for a * suitable credentials cache file. */ strlcpy(ccfile_dirlist, optarg, sizeof(ccfile_dirlist)); +#else + fprintf(stderr, "This option not available when built" + " without MK_KERBEROS\n"); + exit(1); +#endif break; case 'c': /* @@ -814,6 +822,7 @@ static int is_a_valid_tgt_cache(const char *filepath, uid_t uid, int *retrating, time_t *retexptime) { +#ifndef WITHOUT_KERBEROS krb5_context context; krb5_principal princ; krb5_ccache ccache; @@ -913,5 +922,8 @@ is_a_valid_tgt_cache(const char *filepat *retexptime = exptime; } return (ret); +#else /* WITHOUT_KERBEROS */ + return (0); +#endif /* !WITHOUT_KERBEROS */ } --- usr.sbin/gssd/Makefile.sav0 2012-12-30 19:18:00.000000000 -0500 +++ usr.sbin/gssd/Makefile 2012-12-30 19:35:02.000000000 -0500 @@ -1,5 +1,7 @@ # $FreeBSD: head/usr.sbin/gssd/Makefile 244638 2012-12-23 20:12:57Z rmacklem $ +.include <bsd.own.mk> + PROG= gssd MAN= gssd.8 SRCS= gssd.c gssd.h gssd_svc.c gssd_xdr.c gssd_prot.c @@ -7,8 +9,14 @@ SRCS= gssd.c gssd.h gssd_svc.c gssd_xdr. CFLAGS+= -I. WARNS?= 1 +.if ${MK_KERBEROS} != "no" DPADD= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} LDADD= -lgssapi -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto +.else +CFLAGS+= -DWITHOUT_KERBEROS +DPADD= ${LIBGSSAPI} +LDADD= -lgssapi +.endif CLEANFILES= gssd_svc.c gssd.h
_______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"