perlgssapi-developer — discussion of development process

[Perlgssapi-developer] LWP::Authen::Negotiate 0.05 on CPAN

[Achim G. <per...@gr...>]

Hello,

LWP::Authen::Negotiate 0.05 is now available at CPAN.

Leif, thank you very much!

Please let me know if everything works for you
and what changes have to be made.

Thank you,
Achim

Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> My ideas:
> 
> 1. use Environment variable containg the names the user wants to set.
>    (export LWPBLAFLAGS = "GSS_C_MUTUAL_FLAG GSS_C_MUTUAL_FLAG"
>     for example)
>    Problem: this is a global configuration.
>    (maybe the user does not want to forward credential to *all*
>    Servers he uses)

I don't think this is a problem - setting ENV from wrapper scripts
is a no-brainer.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9dUF8Jx8FtbMZncRAtAUAJ47DQKgSQ2WVWcu+ciMs2UNCOM28gCfR8TG
T4VN+8wMlPL3RAmby1jfJpA=
=Qxr1
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Achim G. <per...@gr...>]

On Friday 17 February 2006 14:27, Leif Johansson wrote:
> Achim Grolms wrote:
> > On Friday 17 February 2006 11:47, Leif Johansson wrote:
> >> Can you send me a patch for that against my 0.03 I just uploaded?
> >
> > find patch attached. (fixes the "uninitaliziede value" warning also)
> >
> > Please check if that works for you.
> >
> > Achim
>
> Doesn't that just replace your code with mine? 

No, all your configuration options are in the resulting Negotiate.pm.

I am thinking of configuration:
It can be usefull to the user to configure the flags passed to
init_security_context (MUTAL and so on).

My ideas:

1. use Environment variable containg the names the user wants to set.
   (export LWPBLAFLAGS = "GSS_C_MUTUAL_FLAG GSS_C_MUTUAL_FLAG"
    for example)
   Problem: this is a global configuration.
   (maybe the user does not want to forward credential to *all*
   Servers he uses)

2. a per-host configuration like most browsers do.

   I fear that means a Configfile withe
    hostname => config
    value pairs.

   But where to put the file?
   And when pull in into LWP::Authen::Negotiate?

   on first run of package itself?

   on first run auf authenticate() (using counter?)

3. another idea?
   how is LWP configuration done in general?
   I have asked the on libwww-mailinglist, but got no answer

Achim 

Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> On Friday 17 February 2006 11:47, Leif Johansson wrote:
> 
>> Can you send me a patch for that against my 0.03 I just uploaded?
> 
> find patch attached. (fixes the "uninitaliziede value" warning also)
> 
> Please check if that works for you.
> 
> Achim
> 

Doesn't that just replace your code with mine? Let's just follow your
original suggestion and go with your code. There is really no point
in spending this much time discussing 128 lines of code and docs :-)

	MVH leifj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9c9N8Jx8FtbMZncRAnHwAJoDXIuZaJea9I9Q9kKfW0axMHbiRACgkec8
5cLV8oY5iOSLKNrwUYA52rs=
=/pS1
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Achim G. <per...@gr...>]

On Friday 17 February 2006 11:47, Leif Johansson wrote:

> Can you send me a patch for that against my 0.03 I just uploaded?

find patch attached. (fixes the "uninitaliziede value" warning also)

Please check if that works for you.

Achim

Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> On Friday 17 February 2006 08:43, Leif Johansson wrote:
>> next
> 
> You use GSS_C_MUTUAL_FLAG on every request:
> 
> my $iflags = GSS_C_MUTUAL_FLAG;
> $iflags |= GSS_C_DELEG_FLAG if $ENV{LWP_AUTHEN_NEGOTIATE_DELEGATE};
> 
> isn't it better to use GSS_C_MUTUAL_FLAG only if
> Delegation is needed?
> (Most setups need only to authenticate the user?)
> 
> In my implementation I have set GSS_C_REPLAY_FLAG,
> is that not needed?
> (My idea was that this can stop MITM attackers.
>  am I wrong? - I am unsure!)

You are right. I am now convinced your 0.04 is a better
starting point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9cyq8Jx8FtbMZncRAszbAJ99fY6LWbNmCXupqTGgy5lm5Xo6MACgnt+i
eFR8eSPsL+b+ND8NGsG5cGY=
=7zVb
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Achim G. <per...@gr...>]

On Friday 17 February 2006 08:43, Leif Johansson wrote:
> next

You use GSS_C_MUTUAL_FLAG on every request:

my $iflags = GSS_C_MUTUAL_FLAG;
$iflags |= GSS_C_DELEG_FLAG if $ENV{LWP_AUTHEN_NEGOTIATE_DELEGATE};

isn't it better to use GSS_C_MUTUAL_FLAG only if
Delegation is needed?
(Most setups need only to authenticate the user?)

In my implementation I have set GSS_C_REPLAY_FLAG,
is that not needed?
(My idea was that this can stop MITM attackers.
 am I wrong? - I am unsure!)

Achim

Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Achim G. <per...@gr...>]

On Friday 17 February 2006 11:45, Leif Johansson wrote:
> Achim Grolms wrote:
> > On Friday 17 February 2006 08:43, Leif Johansson wrote:
> >> next
> >
> > achim@thor [/tmp/leif/LWP-Authen-Negotiate-0.03]$ perl Makefile.PL
> > Perl v5.8.6 required--this is only v5.8.4, stopped at Makefile.PL line 1.
> > BEGIN failed--compilation aborted at Makefile.PL line 1.
> > achim@thor [/tmp/leif/LWP-Authen-Negotiate-0.03]$
> >
> >
> > Hmmm?
>
> Didn't change that. 

That's the problem.

In Makefile.PL you have

use 5.008006;

That's the default from h2xs.
but there is no *need* to depend to that high version of Perl
I my own implementaion I just have deleted that line from my h2xs.

The same problem is in Negotiate.pm,
use 5.008006; can be deleted.

The dependencies are to GSSAPI 0.18
MIME::Base64 2.12;

both have to be added to Makefile.PL
and the META.yml.

Achim

Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> On Friday 17 February 2006 07:50, Leif Johansson wrote:
>> Dax Kelson wrote:
>>
>> Are you talking about the variable reuse for $status? Imho it is
>> acceptable in this case since they both represent return-status
>> from different functions from the same library.
> 
> GSSAPI::Name->import()
> 
> can fail. throwing away the return value is not a good idea.
> 
> a reason for fail can just be a typo in DNS or /etc/hosts
> (GSSAPI is using DNS for resolution to canonical hostname).
> 
> the implementation does not print debugging information,
> that is a problen (just think of expired credentials).
> 
> 
> This is my implementation:
> 
> 
> 
> 
> 
> 
> package LWP::Authen::Negotiate;
> 
> use strict;
> use warnings;
> 
> require Exporter;
> use AutoLoader qw(AUTOLOAD);
> 
> our @ISA = qw(Exporter);
> 
> # Items to export into callers namespace by default. Note: do not export
> # names by default without a very good reason. Use EXPORT_OK instead.
> # Do not simply export all your public functions/methods/constants.
> 
> # This allows declaration use LWP::Authen::Negotiate ':all';
> # If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
> # will save memory.
> our %EXPORT_TAGS = ( 'all' => [ qw(
> 
> ) ] );
> 
> our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
> 
> our @EXPORT = qw(
> 
> );
> 
> our $VERSION = '0.04';
> 
> 
> use MIME::Base64 "2.12";
> use GSSAPI 0.18;
> 
> 
> sub authenticate
>   {
>     LWP::Debug::debug("authenticate() called");
>     my ($class,$ua,$proxy,$auth_param,$response,$request,$arg,$size) = @_;
> 
>     my $uri = URI->new($request->uri);
>     my $targethost = $request->uri()->host();
> 
>     my ($otime,$omech,$otoken,$oflags);
>     my $target;
>     my $status;
>     TRY: {
>         $status  = GSSAPI::Name->import(
>                       $target,
>                       join( '@', 'HTTP', $targethost ),
>         GSSAPI::OID::gss_nt_hostbased_service
>    );
>         last TRY if  ( $status->major != GSS_S_COMPLETE );
>         my $tname;
>         $target->display( $tname );
>         LWP::Debug::debug("target hostname $targethost");
>         LWP::Debug::debug("GSSAPI servicename $tname");
>         my $auth_header = $proxy ? "Proxy-Authorization" : "Authorization";
> 
>         my $itoken = q{};
>         foreach ($response->header('WWW-Authenticate')) {
>           last if /^Negotiate (.+)/ && ($itoken=decode_base64($1));
>         }
> 
>         my $ctx = GSSAPI::Context->new();
>         my $imech = GSSAPI::OID::gss_mech_krb5;
>         #my $iflags = GSS_C_MUTUAL_FLAG;
>         my $iflags = GSS_C_REPLAY_FLAG;
>         my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
>         my $creds = GSS_C_NO_CREDENTIAL;
>         my $itime = 0;
>  $status = $ctx->init($creds,$target,$imech,$iflags,$itime,$bindings,$itoken,
>                       $omech,$otoken,$oflags,$otime);
>         if  (    $status->major == GSS_S_COMPLETE
>        or $status->major == GSS_S_CONTINUE_NEEDED   ) {
>             LWP::Debug::debug( 'successfull $ctx->init()');
>      my $referral = $request->clone;
>      $referral->header( $auth_header => "Negotiate ".encode_base64
> ($otoken,""));
>      return $ua->request( $referral, $arg, $size, $response );
>  }
>     }
>     if ( $status->major != GSS_S_COMPLETE  ) {
>        LWP::Debug::debug( $status->generic_message());
>        LWP::Debug::debug( $status->specific_message() );
>        return $response;
>     }
> }
> 
> 1;
> __END__
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Perlgssapi-developer mailing list
> Per...@li...
> https://lists.sourceforge.net/lists/listinfo/perlgssapi-developer

Can you send me a patch for that against my 0.03 I just uploaded?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9amm8Jx8FtbMZncRAltIAJ0SvyI97ubE6Mv65FfJtlvOxq09/ACggUda
susubIG7RurlKDyGQ5Uc84U=
=8ZU+
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> On Friday 17 February 2006 08:43, Leif Johansson wrote:
>> next
> 
> 
> achim@thor [/tmp/leif/LWP-Authen-Negotiate-0.03]$ perl Makefile.PL
> Perl v5.8.6 required--this is only v5.8.4, stopped at Makefile.PL line 1.
> BEGIN failed--compilation aborted at Makefile.PL line 1.
> achim@thor [/tmp/leif/LWP-Authen-Negotiate-0.03]$                
> 
> 
> Hmmm?

Didn't change that. Your env didn't change? Whats your version dep
for GSSAPI?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9alJ8Jx8FtbMZncRAiJGAKCihQOU6i0p6mrEOx9a1vcOIRt9/wCbB8BR
3pLNHYe+1Y4q+AEb9w2RoO4=
=tLC8
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Achim G. <per...@gr...>]

On Friday 17 February 2006 08:43, Leif Johansson wrote:
> next


achim@thor [/tmp/leif/LWP-Authen-Negotiate-0.03]$ perl Makefile.PL
Perl v5.8.6 required--this is only v5.8.4, stopped at Makefile.PL line 1.
BEGIN failed--compilation aborted at Makefile.PL line 1.
achim@thor [/tmp/leif/LWP-Authen-Negotiate-0.03]$                


Hmmm?

Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Achim G. <per...@gr...>]

On Friday 17 February 2006 07:50, Leif Johansson wrote:
> Dax Kelson wrote:
>
> Are you talking about the variable reuse for $status? Imho it is
> acceptable in this case since they both represent return-status
> from different functions from the same library.

GSSAPI::Name->import()

can fail. throwing away the return value is not a good idea.

a reason for fail can just be a typo in DNS or /etc/hosts
(GSSAPI is using DNS for resolution to canonical hostname).

the implementation does not print debugging information,
that is a problen (just think of expired credentials).


This is my implementation:






package LWP::Authen::Negotiate;

use strict;
use warnings;

require Exporter;
use AutoLoader qw(AUTOLOAD);

our @ISA = qw(Exporter);

# Items to export into callers namespace by default. Note: do not export
# names by default without a very good reason. Use EXPORT_OK instead.
# Do not simply export all your public functions/methods/constants.

# This allows declaration use LWP::Authen::Negotiate ':all';
# If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
# will save memory.
our %EXPORT_TAGS = ( 'all' => [ qw(

) ] );

our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );

our @EXPORT = qw(

);

our $VERSION = '0.04';


use MIME::Base64 "2.12";
use GSSAPI 0.18;


sub authenticate
  {
    LWP::Debug::debug("authenticate() called");
    my ($class,$ua,$proxy,$auth_param,$response,$request,$arg,$size) = @_;

    my $uri = URI->new($request->uri);
    my $targethost = $request->uri()->host();

    my ($otime,$omech,$otoken,$oflags);
    my $target;
    my $status;
    TRY: {
        $status  = GSSAPI::Name->import(
                      $target,
                      join( '@', 'HTTP', $targethost ),
        GSSAPI::OID::gss_nt_hostbased_service
   );
        last TRY if  ( $status->major != GSS_S_COMPLETE );
        my $tname;
        $target->display( $tname );
        LWP::Debug::debug("target hostname $targethost");
        LWP::Debug::debug("GSSAPI servicename $tname");
        my $auth_header = $proxy ? "Proxy-Authorization" : "Authorization";

        my $itoken = q{};
        foreach ($response->header('WWW-Authenticate')) {
          last if /^Negotiate (.+)/ && ($itoken=decode_base64($1));
        }

        my $ctx = GSSAPI::Context->new();
        my $imech = GSSAPI::OID::gss_mech_krb5;
        #my $iflags = GSS_C_MUTUAL_FLAG;
        my $iflags = GSS_C_REPLAY_FLAG;
        my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
        my $creds = GSS_C_NO_CREDENTIAL;
        my $itime = 0;
 $status = $ctx->init($creds,$target,$imech,$iflags,$itime,$bindings,$itoken,
                      $omech,$otoken,$oflags,$otime);
        if  (    $status->major == GSS_S_COMPLETE
       or $status->major == GSS_S_CONTINUE_NEEDED   ) {
            LWP::Debug::debug( 'successfull $ctx->init()');
     my $referral = $request->clone;
     $referral->header( $auth_header => "Negotiate ".encode_base64
($otoken,""));
     return $ua->request( $referral, $arg, $size, $response );
 }
    }
    if ( $status->major != GSS_S_COMPLETE  ) {
       LWP::Debug::debug( $status->generic_message());
       LWP::Debug::debug( $status->specific_message() );
       return $response;
    }
}

1;
__END__

[Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

next
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9X6Z8Jx8FtbMZncRAk3MAJoCr7FGogY8xqyeUQ6qzaGN6F+RSACgjHPi
+T7cFqxag8/bnbffCnCERxA=
=BnGR
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] registered namespace LWP::Authen::Negotiate

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> On Thursday 16 February 2006 22:46, Leif Johansson wrote:
>> Achim Grolms wrote:
>>> registered namespace LWP::Authen::Negotiate.
>>>
>>> I have granted upload Permissions to LEIFJ.
>> I uploaded LWP::Authen::Negotiate -
> 
> "
> LWP::Authen::Negotiate - Perl extension for blah blah blah
> 
> SYNOPSIS 
> 
> use LWP::Authen::Negotiate;
> blah blah blah
>  
> DESCRIPTION 
> 
> Stub documentation for LWP::Authen::Negotiate, created by h2xs. It looks like 
> the author of the extension was negligent enough to leave the stub unedited.
> 
> Blah blah blah."
> 
> 
> What's that?

It's the "Stub documentation for LWP::Authen::Negotiate, created by h2xs" !
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9XUP8Jx8FtbMZncRAvsvAJ9D1eOVgcGCRVD8cFCGSUf1g0Kw/wCfe2ba
/qQLnJiTOtaE9iGmwJoxNww=
=JCqT
-----END PGP SIGNATURE-----

Re: [Perlgssapi-developer] registered namespace LWP::Authen::Negotiate

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dax Kelson wrote:
> On Thu, 2006-02-16 at 22:46 +0100, Leif Johansson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Achim Grolms wrote:
>>> registered namespace LWP::Authen::Negotiate.
>>>
>>> I have granted upload Permissions to LEIFJ.
>>>
>> I uploaded LWP::Authen::Negotiate - not sure how to get it to the right
>> place though...
> 
> I have GSSAPI 0.18 installed.
> 
> Here is a 'make test' run on LWP::Authen::Negotiate on Fedora Core v4.
> 
> 
> $ make test
> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/LWP-Authen-Negotiate....ok 1/1Use of uninitialized value in subroutine
> entry
> at /tmp/too/LWP-Authen-Negotiate-0.02/blib/lib/LWP/Authen/Negotiate.pm
> line 76.
>         (in cleanup) oid has no value
> at /usr/lib/perl5/vendor_perl/5.8.6/LWP/UserAgent.pm line 403.
> 401 Access Denied at t/LWP-Authen-Negotiate.t line 24.
> # Looks like your test died just after 1.
> t/LWP-Authen-Negotiate....dubious
>         Test returned status 255 (wstat 65280, 0xff00)
>         after all the subtests completed successfully
> Failed Test              Stat Wstat Total Fail  Failed  List of Failed
> -------------------------------------------------------------------------------
> t/LWP-Authen-Negotiate.t  255 65280     1    0   0.00%  ??
> Failed 1/1 test scripts, 0.00% okay. 0/1 subtests failed, 100.00% okay.
> make: *** [test_dynamic] Error 2
> 
> You test has hardcoded:
> 
> my $response = $ua->get('http://miffo.m.l.nxs.se/')
> 
> You probably want to re-think how the test should be. :)

Probably :-) 0.02 doh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9XTh8Jx8FtbMZncRAn0eAJoC1E5/Q9h4kXt8y7SjCGyA05yINQCeKrJJ
Z1QzEkPrUKbzYpyYGHqWGe0=
=tJJv
-----END PGP SIGNATURE-----

[Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02

[Leif J. <le...@it...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dax Kelson wrote:
> A 'make test' generates the error:
> 
> Use of uninitialized value in subroutine entry
> at /tmp/too/LWP-Authen-Negotiate-0.02/blib/lib/LWP/Authen/Negotiate.pm
> line 76.
> 
>      57     my $status = GSSAPI::Name->import($target,"HTTP@".$uri->host,GSSAPI::OID::gss_nt_hostbased_service);
>      58         my $tname;
>      59         $target->display($tname);
>      60         #warn "Using HTTP@".$uri->host." -> ".$tname."\n";
>      61     my $auth_header = $proxy ? "Proxy-Authorization" : "Authorization";
>      62
>      63     my $itoken;
>      64     foreach ($response->header('WWW-Authenticate')) {
>      65       last if /^Negotiate (.+)/ && ($itoken=decode_base64($1));
>      66     }
>      67
>      68     my $ctx = GSSAPI::Context->new();
>      69     my $mech = $ENV{LWP_AUTHEN_NEGOTIATE_MECH} || 'KRB5';
>      70     my $imech = mech2oid($mech);
>      71     $imech = GSSAPI::OID::gss_mech_krb5 unless $imech;
>      72     my $iflags = GSS_C_MUTUAL_FLAG;
>      73     my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
>      74     my $creds = GSS_C_NO_CREDENTIAL;
>      75     my $itime = 0;
>      76     $status = $ctx->init($creds,$target,$imech,$iflags,$itime,$bindings,$itoken,$omech,$otoken,$oflags,$otime);
> 
> Line 57 and line 76 together look strange. Should one of them use a different name?
> 
> Dax Kelson
> Guru Labs
> 

Are you talking about the variable reuse for $status? Imho it is
acceptable in this case since they both represent return-status
from different functions from the same library.

	MVH leifj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9XI+8Jx8FtbMZncRAoutAJ90SoQgVbUGlHazTkkpe+2I9lp4SACgjQxC
tHFPR7PJByNwVsQ7IfZWQQY=
=IhLV
-----END PGP SIGNATURE-----

[Perlgssapi-developer] Feedback on LWP-Authen-Negotiate-0.02

[Dax K. <da...@gu...>]

A 'make test' generates the error:

Use of uninitialized value in subroutine entry
at /tmp/too/LWP-Authen-Negotiate-0.02/blib/lib/LWP/Authen/Negotiate.pm
line 76.

     57     my $status = GSSAPI::Name->import($target,"HTTP@".$uri->host,GSSAPI::OID::gss_nt_hostbased_service);
     58         my $tname;
     59         $target->display($tname);
     60         #warn "Using HTTP@".$uri->host." -> ".$tname."\n";
     61     my $auth_header = $proxy ? "Proxy-Authorization" : "Authorization";
     62
     63     my $itoken;
     64     foreach ($response->header('WWW-Authenticate')) {
     65       last if /^Negotiate (.+)/ && ($itoken=decode_base64($1));
     66     }
     67
     68     my $ctx = GSSAPI::Context->new();
     69     my $mech = $ENV{LWP_AUTHEN_NEGOTIATE_MECH} || 'KRB5';
     70     my $imech = mech2oid($mech);
     71     $imech = GSSAPI::OID::gss_mech_krb5 unless $imech;
     72     my $iflags = GSS_C_MUTUAL_FLAG;
     73     my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
     74     my $creds = GSS_C_NO_CREDENTIAL;
     75     my $itime = 0;
     76     $status = $ctx->init($creds,$target,$imech,$iflags,$itime,$bindings,$itoken,$omech,$otoken,$oflags,$otime);

Line 57 and line 76 together look strange. Should one of them use a different name?

Dax Kelson
Guru Labs

Re: [Perlgssapi-developer] registered namespace LWP::Authen::Negotiate

[Achim G. <per...@gr...>]

On Thursday 16 February 2006 22:46, Leif Johansson wrote:
> Achim Grolms wrote:
> > registered namespace LWP::Authen::Negotiate.
> >
> > I have granted upload Permissions to LEIFJ.
>
> I uploaded LWP::Authen::Negotiate -

"
LWP::Authen::Negotiate - Perl extension for blah blah blah

SYNOPSIS 

use LWP::Authen::Negotiate;
blah blah blah
 
DESCRIPTION 

Stub documentation for LWP::Authen::Negotiate, created by h2xs. It looks like 
the author of the extension was negligent enough to leave the stub unedited.

Blah blah blah."


What's that?

Re: [Perlgssapi-developer] GSSAPI and cpan2rpm

[Achim G. <per...@gr...>]

On Thursday 16 February 2006 23:45, Dax Kelson wrote:
> On Thu, 2006-02-16 at 23:38 +0100, Achim Grolms wrote:

> It works if you do:
>
> cpan2rpm --version 0.18 GSSAPI-0.18.tar.gz
>
> It is just that the --version really shouldn't be needed.

But that means that my module provides the version number
where cpan2rpm is searching.

I dont't *know* where to put additionally information.
I don't know where the cpan2rpm is searching for it.

I will have a look into cpan2rpm, but maybe it is faster
if you tell me where your cpan2rpm is searching for information ;-)

Achim

Re: [Perlgssapi-developer] GSSAPI and cpan2rpm

[Dax K. <da...@gu...>]

On Thu, 2006-02-16 at 23:38 +0100, Achim Grolms wrote:
> On Thursday 16 February 2006 23:31, Dax Kelson wrote:
> 
> > You can get a copy of cpan2rpm from:
> >
> > http://perl.arix.com/cpan2rpm/
> 
> from the manual:
> 
> --version=float-value
>  
> The script determines the version number of the module by consulting the 
> Makefile.PL's VERSION or VERSION_FROM fields. If neither is specified, it 
> parses the tarball name. 
> 
> Hmm.
> 
> First - what happens if your run
>  cpan2rpm with option --version?
> 
> Does that find the version number?
> 
> Achim

It works if you do:

cpan2rpm --version 0.18 GSSAPI-0.18.tar.gz

It is just that the --version really shouldn't be needed.

Dax Kelson
Guru Labs

Re: [Perlgssapi-developer] GSSAPI and cpan2rpm

[Achim G. <per...@gr...>]

On Thursday 16 February 2006 23:31, Dax Kelson wrote:

> You can get a copy of cpan2rpm from:
>
> http://perl.arix.com/cpan2rpm/

from the manual:

--version=float-value
 
The script determines the version number of the module by consulting the 
Makefile.PL's VERSION or VERSION_FROM fields. If neither is specified, it 
parses the tarball name. 

Hmm.

First - what happens if your run
 cpan2rpm with option --version?

Does that find the version number?

Achim

Re: [Perlgssapi-developer] registered namespace LWP::Authen::Negotiate

[Dax K. <da...@gu...>]

On Thu, 2006-02-16 at 22:46 +0100, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Achim Grolms wrote:
> > registered namespace LWP::Authen::Negotiate.
> > 
> > I have granted upload Permissions to LEIFJ.
> > 
> 
> I uploaded LWP::Authen::Negotiate - not sure how to get it to the right
> place though...

I have GSSAPI 0.18 installed.

Here is a 'make test' run on LWP::Authen::Negotiate on Fedora Core v4.


$ make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/LWP-Authen-Negotiate....ok 1/1Use of uninitialized value in subroutine
entry
at /tmp/too/LWP-Authen-Negotiate-0.02/blib/lib/LWP/Authen/Negotiate.pm
line 76.
        (in cleanup) oid has no value
at /usr/lib/perl5/vendor_perl/5.8.6/LWP/UserAgent.pm line 403.
401 Access Denied at t/LWP-Authen-Negotiate.t line 24.
# Looks like your test died just after 1.
t/LWP-Authen-Negotiate....dubious
        Test returned status 255 (wstat 65280, 0xff00)
        after all the subtests completed successfully
Failed Test              Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
t/LWP-Authen-Negotiate.t  255 65280     1    0   0.00%  ??
Failed 1/1 test scripts, 0.00% okay. 0/1 subtests failed, 100.00% okay.
make: *** [test_dynamic] Error 2

You test has hardcoded:

my $response = $ua->get('http://miffo.m.l.nxs.se/')

You probably want to re-think how the test should be. :)

Dax Kelson
Guru Labs

Re: [Perlgssapi-developer] GSSAPI and cpan2rpm

[Dax K. <da...@gu...>]

On Thu, 2006-02-16 at 23:18 +0100, Achim Grolms wrote:

> Try what happens if you change that to
> 
> >WriteMakefile(
>      LIBS               => join (' ', @GSSLIBS),
>     'NAME'              => 'GSSAPI',
>     'VERSION'           => '0.18',
>     'PREREQ_PM'         => { 'Test::More' => 0 },
>     @LDDLFLAGS,
>     'DEFINE'            => join (' ', @EXTRADEFINES),
>     'INC'               => $incconf,
>     'macro'             => { OTHER_XS => $otherxs },
>     'depend'            => { 'GSSAPI.c' => '$(OTHER_XS)' }
> );
> 
> 
> and let me know, i will change that in distribution if that
> breaks things.

That didn't seem to work. I'm not sure why the original doesn't work
either.

You can get a copy of cpan2rpm from:

http://perl.arix.com/cpan2rpm/

Dax Kelson
Guru Labs

Re: [Perlgssapi-developer] GSSAPI and cpan2rpm

[Achim G. <per...@gr...>]

On Thursday 16 February 2006 23:13, Dax Kelson wrote:
> On Thu, 2006-02-16 at 15:11 -0700, Dax Kelson wrote:
> > Is there some metadata missing?
>
> According to the man page for cpan2rpm:
>
> "The script determines the version number of the module by consulting
> the Makefile.PL=E2=80=99s VERSION or VERSION_FROM fields."


The Makefile goes like this:

>WriteMakefile(
     LIBS               =3D> join (' ', @GSSLIBS),
    'NAME'              =3D> 'GSSAPI',
    'VERSION_FROM'      =3D> 'GSSAPI.pm',
    'PREREQ_PM'         =3D> { 'Test::More' =3D> 0 },
    @LDDLFLAGS,
    'DEFINE'            =3D> join (' ', @EXTRADEFINES),
    'INC'               =3D> $incconf,
    'macro'             =3D> { OTHER_XS =3D> $otherxs },
    'depend'            =3D> { 'GSSAPI.c' =3D> '$(OTHER_XS)' }
);

Try what happens if you change that to

>WriteMakefile(
     LIBS               =3D> join (' ', @GSSLIBS),
    'NAME'              =3D> 'GSSAPI',
    'VERSION'           =3D> '0.18',
    'PREREQ_PM'         =3D> { 'Test::More' =3D> 0 },
    @LDDLFLAGS,
    'DEFINE'            =3D> join (' ', @EXTRADEFINES),
    'INC'               =3D> $incconf,
    'macro'             =3D> { OTHER_XS =3D> $otherxs },
    'depend'            =3D> { 'GSSAPI.c' =3D> '$(OTHER_XS)' }
);


and let me know, i will change that in distribution if that
breaks things.

Achim

Re: [Perlgssapi-developer] GSSAPI and cpan2rpm

[Achim G. <per...@gr...>]

On Thursday 16 February 2006 23:11, Dax Kelson wrote:
> Is there some metadata missing?

Maybe...
I've not thought on that.
What Metadata in what format has to be added?
(I am not using CPAN+).

Thank you,
Achim