Making the keytab option work


 



I am working on fixing some of the bugs filed against the Debian
cyrus-sasl2 package.  There is one bug that pertains to the keytab
option not working when SASL is compiled against MIT Kerberos.  I have
implemented the attached patch in the Debian package (version 2.1.25).
I am providing it here for review and comment.  If it can be
incorporated upstream as is, that would be excellent.  If any changes
are required, please let me know.

For reference, the bug report can be viewed here:
http://bugs.debian.org/651308

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Author: Roberto C. Sanchez <roberto@xxxxxxxxxxxx>
Description: Fix bugginess that results in the keytab configuration option not working on MIT Kerberos (Closes: #651308).
--- cyrus-sasl2.git.orig/cmulocal/sasl2.m4
+++ cyrus-sasl2.git/cmulocal/sasl2.m4
@@ -266,6 +266,7 @@
   cmu_save_LIBS="$LIBS"
   LIBS="$LIBS $GSSAPIBASE_LIBS"
   AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
+  AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity)
   AC_CHECK_FUNCS(gss_decapsulate_token)
   AC_CHECK_FUNCS(gss_encapsulate_token)
   AC_CHECK_FUNCS(gss_oid_equal)
--- cyrus-sasl2.git.orig/config.h.in
+++ cyrus-sasl2.git/config.h.in
@@ -126,6 +126,10 @@
    */
 #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
 
+/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
+   */
+#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+
 /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
 
--- cyrus-sasl2.git.orig/configure
+++ cyrus-sasl2.git/configure
@@ -13333,7 +13333,7 @@
   cmu_save_LIBS="$LIBS"
   LIBS="$LIBS $GSSAPIBASE_LIBS"
 
-for ac_func in gsskrb5_register_acceptor_identity
+for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity
 do
 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
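Review bot: The function name added to the `for ac_func in` list is misspelled as `krb5_gss_regster_acceptor_identity` (the "i" after "reg" is missing), so this probe tests for a symbol that does not exist and `HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY` is never defined by this script. Unless configure is regenerated from the correctly spelled `cmulocal/sasl2.m4`, the new branches in `plugins/gssapi.c` stay compiled out and the `keytab` option is presumably still ignored on MIT Kerberos, so the server keeps using the default keytab. The line should read `for ac_func in gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity`; the same typo is in the `saslauthd/configure` hunk. The loop body continues outside the hunk.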
--- cyrus-sasl2.git.orig/plugins/gssapi.c
+++ cyrus-sasl2.git/plugins/gssapi.c
@@ -50,6 +50,9 @@
 #else
 #include <gssapi/gssapi.h>
 #endif
+#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+#include <gssapi/gssapi_krb5.h>
+#endif
 
 #ifdef WIN32
 #  include <winsock2.h>
@@ -1271,7 +1274,7 @@
 };
 
 int gssapiv2_server_plug_init(
-#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
     const sasl_utils_t *utils __attribute__((unused)),
 #else
     const sasl_utils_t *utils,
@@ -1281,7 +1284,7 @@
     sasl_server_plug_t **pluglist,
     int *plugcount)
 {
-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
     const char *keytab = NULL;
     char keytab_path[1024];
     unsigned int rl;
@@ -1291,7 +1294,7 @@
 	return SASL_BADVERS;
     }
     
-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
     /* unfortunately, we don't check for readability of keytab if it's
        the standard one, since we don't know where it is */
     
@@ -1314,7 +1317,12 @@
 	
 	strncpy(keytab_path, keytab, 1024);
 	
+#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
 	gsskrb5_register_acceptor_identity(keytab_path);
+#endif
+#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+	krb5_gss_register_acceptor_identity(keytab_path);
+#endif
     }
 #endif
     
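Review bot: The result of the new `krb5_gss_register_acceptor_identity(keytab_path)` call is discarded, so if registration fails the plugin carries on and the acceptor presumably falls back to the default keytab with nothing logged. Consider `if (krb5_gss_register_acceptor_identity(keytab_path) != GSS_S_COMPLETE) return SASL_FAIL;`, and make the second guard `#elif defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)` so a build that defines both macros registers the keytab only once. Separately, the context line `strncpy(keytab_path, keytab, 1024);` leaves the 1024-byte `keytab_path` unterminated for a path of exactly 1024 characters unless the length check outside this hunk rejects it; that check is not visible here.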
--- cyrus-sasl2.git.orig/saslauthd/configure
+++ cyrus-sasl2.git/saslauthd/configure
@@ -9116,7 +9116,7 @@
   cmu_save_LIBS="$LIBS"
   LIBS="$LIBS $GSSAPIBASE_LIBS"
 
-for ac_func in gsskrb5_register_acceptor_identity
+for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity
 do
 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
--- cyrus-sasl2.git.orig/saslauthd/saslauthd.h.in
+++ cyrus-sasl2.git/saslauthd/saslauthd.h.in
@@ -59,6 +59,10 @@
    */
 #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
 
+/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
+   */
+#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+
 /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
 

Attachment: signature.asc
Description: Digital signature

