Re: svn commit: r244604 - head/usr.sbin/gssd

Sun, 30 Dec 2012 16:49:47 -0800 

bf1783 wrote:
> >Author: rmacklem
> >Date: Sat Dec 22 23:21:17 2012
> >New Revision: 244604
> >URL: http://svnweb.freebsd.org/changeset/base/244604
> >
> >Log:
> >  It was reported via email that some sshds create kerberos
> >  credential cache files with names other than /tmp/krb5cc_<uid>.
> >  The gssd daemon does not know how to find these credential caches.
> >  This patch implements a new option "-s" that does a search for
> >  credential cache files, using roughly the same algorithm as the
> >  gssd daemon for Linux uses. The gssd behaviour is only changed
> >  if the new "-s" option is specified. It also implements two other
> >  new options related to the "-s" option.
> >
> >  Reported by: Piete.Brooks at cl.cam.ac.uk, Herbert Poeckl
> >  Tested by: Herbert Poeckl (admin at ist.tugraz.at), Illias A.
> >  Marinos
> >  MFC after: 2 weeks
> 
> ...
> 
> >+#include <krb5.h>
> 
> Rick:
> 
> This breaks world built WITHOUT_KERBEROS and WITH_GSSAPI.
> 
> Regards,
> b.
Could you please test the attached patch.

Also, if someone who is familiar with the build/Makefile side
of things could review this, it would be appreciated.

Thanks, rick


--- usr.sbin/gssd/gssd.c.sav0	2012-12-30 19:04:19.000000000 -0500
+++ usr.sbin/gssd/gssd.c	2012-12-30 19:35:06.648603000 -0500
@@ -37,7 +37,9 @@ __FBSDID("$FreeBSD: head/usr.sbin/gssd/g
 #include <ctype.h>
 #include <dirent.h>
 #include <err.h>
+#ifndef WITHOUT_KERBEROS
 #include <krb5.h>
+#endif
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -102,12 +104,18 @@ main(int argc, char **argv)
 			debug_level++;
 			break;
 		case 's':
+#ifndef WITHOUT_KERBEROS
 			/*
 			 * Set the directory search list. This enables use of
 			 * find_ccache_file() to search the directories for a
 			 * suitable credentials cache file.
 			 */
 			strlcpy(ccfile_dirlist, optarg, sizeof(ccfile_dirlist));
+#else
+			fprintf(stderr, "This option not available when built"
+			    " without MK_KERBEROS\n");
+			exit(1);
+#endif
 			break;
 		case 'c':
 			/*
@@ -814,6 +822,7 @@ static int
 is_a_valid_tgt_cache(const char *filepath, uid_t uid, int *retrating,
     time_t *retexptime)
 {
+#ifndef WITHOUT_KERBEROS
 	krb5_context context;
 	krb5_principal princ;
 	krb5_ccache ccache;
@@ -913,5 +922,8 @@ is_a_valid_tgt_cache(const char *filepat
 		*retexptime = exptime;
 	}
 	return (ret);
+#else /* WITHOUT_KERBEROS */
+	return (0);
+#endif /* !WITHOUT_KERBEROS */
 }
 
--- usr.sbin/gssd/Makefile.sav0	2012-12-30 19:18:00.000000000 -0500
+++ usr.sbin/gssd/Makefile	2012-12-30 19:35:02.000000000 -0500
@@ -1,5 +1,7 @@
 # $FreeBSD: head/usr.sbin/gssd/Makefile 244638 2012-12-23 20:12:57Z rmacklem $
 
+.include <bsd.own.mk>
+
 PROG=	gssd
 MAN=	gssd.8
 SRCS=	gssd.c gssd.h gssd_svc.c gssd_xdr.c gssd_prot.c
@@ -7,8 +9,14 @@ SRCS=	gssd.c gssd.h gssd_svc.c gssd_xdr.
 CFLAGS+= -I.
 WARNS?= 1
 
+.if ${MK_KERBEROS} != "no"
 DPADD=	${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
 LDADD=	-lgssapi -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto
+.else
+CFLAGS+= -DWITHOUT_KERBEROS
+DPADD=	${LIBGSSAPI}
+LDADD=	-lgssapi
+.endif
 
 CLEANFILES= gssd_svc.c gssd.h
 

_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to