perlgssapi-developer Mailing List for Perl GSSAPI bindings (Page 6)
Brought to you by:
achimgrolms
Menu
▾
▴
perlgssapi-developer — discussion of development process
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
(99) |
Mar
(17) |
Apr
(8) |
May
(6) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
(10) |
Feb
(6) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
(4) |
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2014 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
|
From: Merijn B. <me...@il...> - 2006-02-10 17:05:09
|
I also need to compile this on windows and guess what? It ain't
compiling. Grrr.=20
link -out:blib\arch\auto\GSSAPI\GSSAPI.dll -dll -nologo -nodefaultl=
ib -debug -opt:ref,icf -libpath:"\\\\ms\dist\perl5\PROJ\core\5.8.4-0\.exec\=
ia32.nt.4.0\lib\perl5\perl5\CORE" -machine:x86 GSSAPI.obj \\ms\dist\perl5\P=
ROJ\core\5.8.4-0\.exec\ia32.nt.4.0\lib\perl5\CORE\perl58.lib \\ms\dist\kerb=
eros\PROJ\mitkfw\2.6.5-prod\lib\gssapi32.lib \\ms\dist\kerberos\PROJ\mitkfw=
\2.6.5-prod\lib\comerr32.lib \\ms\dist\kerberos\PROJ\mitkfw\2.6.5-prod\lib\=
krb5_32.lib \\ms\dist\microsoft\PROJ\vc\7.0\lib\oldnames.lib \\ms\dist\micr=
osoft\PROJ\sdk\03.02\Lib\kernel 32.lib \\ms\dist\microsoft\PROJ\sdk\03.02\L=
ib\user32.lib \\ms\dist\microsoft\PROJ\sdk\03.02\Lib\gdi32.lib \\ms\dist\mi=
crosoft\PROJ\sdk\03.02\Lib\winspool.lib \\ms\dist\microsoft\PROJ\sdk\03.02\=
Lib\comdlg32.lib \\ms\dist\microsoft\PROJ\sdk\03.02\Lib\advapi32.lib \\ms\d=
ist\microsoft\PROJ\sdk\03.02\Lib\shell32.lib \\ms\dist\microsoft\PROJ\sdk\0=
3.02\Lib\ole32.lib \\ms\dist\microsoft\PROJ\sdk\03.02\Lib\oleaut32.lib \\ms=
\dist\microsoft\PROJ\sdk\03.02\Lib\netapi32.lib \\ms\dist\microsoft\PROJ\sd=
k\03.02\Lib\uuid.lib \\ms\dist\microsoft\PROJ\sdk\03.02\Lib\wsock32 .lib \\=
ms\dist\microsoft\PROJ\sdk\03.02\Lib\mpr.lib \\ms\dist\microsoft\PROJ\sdk\0=
3.02\Lib\winmm.lib \\ms\dist\microsoft\PROJ\sdk\03.02\Lib\version.lib \\ms\=
dist\microsoft\PROJ\sdk\03.02\Lib\odbc32.lib \\ms\dist\microsoft\PROJ\sdk\0=
3.02\Lib\odbccp32.lib \\ms\dist\microsoft\PROJ\vc\7.0\lib\msvcrt.lib -def:G=
SSAPI.def
Creating library blib\arch\auto\GSSAPI\GSSAPI.lib and object
blib\arch\auto\GSSAPI\GSSAPI.exp
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_mech_set_krb5_b=
oth
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_mech_set_krb5_o=
ld
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_mech_set_krb5
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_nt_exported_name
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_nt_krb5_name
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_nt_krb5_princip=
al
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_mech_krb5
GSSAPI.obj : error LNK2001: unresolved external symbol _gss_mech_krb5_old
blib\arch\auto\GSSAPI\GSSAPI.dll : fatal error LNK1120: 8 unresolved
externals
NMAKE : fatal error U1077: 'link' : return code '0x460'
Stop.
\\ms\dist\fsf\PROJ\make\prod\bin\gmake.exe[1]: ***
[install-5.8-main-makemaker] Error 2
\\ms\dist\fsf\PROJ\make\prod\bin\gmake.exe[1]: Leaving directory
`M:/dev/perl5/GSSAPI/0.16-1.4/src'
These are the symbols I removed in my private version.=20
Mmmmm....
--=20
Merijn Broeren | Sometime in the middle ages, God got fed up with us=20
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Achim G. <per...@gr...> - 2006-02-10 13:45:09
|
On Friday 10 February 2006 12:38, Leif Johansson wrote: > For your reference - this is the version I am working with now. Thank you! find attached POD documentation patch. Achim |
|
From: Achim G. <per...@gr...> - 2006-02-10 13:12:51
|
registered namespace LWP::Authen::Negotiate. I have granted upload Permissions to LEIFJ. Achim ---------- Forwarded Message ---------- Subject: New module LWP::Authen::Negotiate Date: Friday 10 February 2006 14:02 From: "Perl Authors Upload Server" <up...@pa...> To: mo...@pe..., ag...@cp... The next version of the Module List will list the following module: modid: LWP::Authen::Negotiate DSLIP: ampfp description: HTTP Negotiate Authentication Scheme for LWP userid: AGROLMS (Achim Grolms) chapterid: 15 (World_Wide_Web_HTML_HTTP_CGI) enteredby: ADAMK (Adam Kennedy) enteredon: Fri Feb 10 13:02:24 2006 GMT The resulting entry will be: LWP::Authen:: ::Negotiate ampfp HTTP Negotiate Authentication Scheme for LWP AGROLMS Please allow a few days until the entry will appear in the published module list. Parts of the data listed above can be edited interactively on the PAUSE. See https://pause.perl.org/pause/authenquery?ACTION=edit_mod Thanks for registering, -- The PAUSE ------------------------------------------------------- |
|
From: Leif J. <le...@it...> - 2006-02-10 11:39:28
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Achim Grolms wrote: > On Friday 10 February 2006 03:49, Dax Kelson wrote: >> Is the GSSAPI module now in good shape or is there a todo list? >> >> I compiled and tested v0.15 on Fedora Core v4. All tests passed as well >> as ./examples/getcred_hostbased.pl. >> >> Is there a version of LWP::Authen::Negotiate that uses GSSAPI instead of >> Authen::SPNEGO::GSSAPI? > > Yes, it's the Leif Johansson Module. > I am trying to register namespace "LWP::Authen::Negotiate" on CPAN for him > an I think he is going to upload un Sunday or Monday. > > His first testrelease li...@pe... > is still available at > > <http://www.nntp.perl.org/group/perl.libwww/;msgid=42E8C852.9030303 > [at]it.su.se> > For your reference - this is the version I am working with now. I will test against GSSAPI-0.15 and upload as soon as I get hold of a working network. Today and tomorrow I am on GPRS which sucks too much for this kind of work. MVH leifj -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD7HtT8Jx8FtbMZncRAsoUAKC5aLeGnA9cquuovDUujHawDFfHOACfdEnB AwTxVbkXICMaW6eDTSWnZz0= =5vtK -----END PGP SIGNATURE----- |
|
From: Achim G. <per...@gr...> - 2006-02-10 11:26:52
|
On Friday 10 February 2006 03:49, Dax Kelson wrote: > Is the GSSAPI module now in good shape or is there a todo list? > > I compiled and tested v0.15 on Fedora Core v4. All tests passed as well > as ./examples/getcred_hostbased.pl. > > Is there a version of LWP::Authen::Negotiate that uses GSSAPI instead of > Authen::SPNEGO::GSSAPI? Yes, it's the Leif Johansson Module. I am trying to register namespace "LWP::Authen::Negotiate" on CPAN for him an I think he is going to upload un Sunday or Monday. His first testrelease li...@pe... is still available at <http://www.nntp.perl.org/group/perl.libwww/;msgid=42E8C852.9030303 [at]it.su.se> Thank you, Achim |
|
From: Dax K. <da...@gu...> - 2006-02-10 02:49:33
|
Is the GSSAPI module now in good shape or is there a todo list? I compiled and tested v0.15 on Fedora Core v4. All tests passed as well as ./examples/getcred_hostbased.pl. Is there a version of LWP::Authen::Negotiate that uses GSSAPI instead of Authen::SPNEGO::GSSAPI? I have a project that I could test it out on. Dax Kelson |
|
From: Achim G. <per...@gr...> - 2006-02-10 00:56:29
|
On Friday 10 February 2006 00:11, Merijn Broeren wrote:
> > b) bypassed to LDDLFLAGS?
> >
> > (My code does (b) now)
>
> I'd go with b).
That is implemented in GSSAPI-0.16 on CPAN
from Changes file:
0.16 -changed Context.xs Destructor to warn only on GSS_S_FAILURE
(see
<http://sourceforge.net/mailarchive/forum.php?thread_id=9674417&forum_id=47637>)
-Makefile.PL passes all the (needed!) krb5-config --libs gssapi stuff
that is
ignored by LIBS to LDDLFLGAS
-Tried to add userdocumentation to GSSAPI.pm (GSSAPI::Name)
|
|
From: Achim G. <per...@gr...> - 2006-02-09 23:23:59
|
Hello, to make (GSSAPI.pm) user's life easier, i had added the examples directory with getcred_hostbased.pl to the distribution. If you are using the modules for you Scripts I think you have code at hand that can be put into short example scripts. Pleas send me - if you have some - example skripts that use the GSSAPI module. I will put them into the distribution then. Thank you, Achim |
|
From: Merijn B. <me...@il...> - 2006-02-09 23:12:02
|
Quoting Achim Grolms (per...@gr...):
> That makes my splitter looks like this:
>
> #-------------------------------------------------
> sub find_libs_in_krb5config_string {
> my ( $confstringstring ) = @_;
> my (@libs, @others);
> foreach ( split ' ', $confstringstring ) {
> if ( m/(-(Wl,-R|[LlR])[^ ]*)/) {
> push @libs, $1
> } else {
> push @others, $_;
> }
> }
> return (\@libs, \@others);
> }
> #-------------------------------------------------
>
> with @others passed to LDDLFLAGS.
>
That looks fine.
> On my Slowlaris test that puts -z (from krb5-config output) into LDDLFLAGS.
>
> Using LDDLFLAGS -z combreloc -z text -z ignore
>
> Should -z
>
> a) better be ignored
>
> or
>
> b) bypassed to LDDLFLAGS?
>
> (My code does (b) now)
>
I'd go with b). It is an interesting question though, since those are
the options that were used to build the gssapi C library. Some of them
might not be applicable to the Perl library. I just had a look at the
man page for Solaris ld and for example '-z ignore' is the opposite of
default linker behaviour. Mmmm. In most all cases the options should be
fine, so just pass them through.
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Achim G. <per...@gr...> - 2006-02-09 21:59:20
|
On Thursday 09 February 2006 20:48, Merijn Broeren wrote:
> No, I'd follow the logic of ExtUtils, so split all the -L, -R, -l stuff
> into LIBS and the rest into LDDLFLAGS, together with the flags from
> Config.
That makes my splitter looks like this:
#-------------------------------------------------
sub find_libs_in_krb5config_string {
my ( $confstringstring ) = @_;
my (@libs, @others);
foreach ( split ' ', $confstringstring ) {
if ( m/(-(Wl,-R|[LlR])[^ ]*)/) {
push @libs, $1
} else {
push @others, $_;
}
}
return (\@libs, \@others);
}
#-------------------------------------------------
with @others passed to LDDLFLAGS.
On my Slowlaris test that puts -z (from krb5-config output) into LDDLFLAGS.
Using LDDLFLAGS -z combreloc -z text -z ignore
Should -z
a) better be ignored
or
b) bypassed to LDDLFLAGS?
(My code does (b) now)
Thank you,
Achim
|
|
From: Merijn B. <me...@il...> - 2006-02-09 19:48:15
|
Quoting Achim Grolms (per...@gr...):
> On Thursday 09 February 2006 17:53, Merijn Broeren wrote:
> > Quoting Achim Grolms (per...@gr...):
> > > Find attached the patch of my solution.
> > > (Can you test if that works for you?)
> >
> > Will do tomorrow morning...
>
> BTW:
> if -L is present in krb5-config --libs gssapi
> (like in "-L/usr/lib -Wl,-rpath -Wl,/usr/lib -lgssapi_krb5 -lkrb5 -lk5crypto
> -lcom_err -lresolv") -
>
> has the -L/usr/lib to be passed to LDDLFLAGS too or it is ok
> to pass it only to LIBS (like my actual version does?)
>
> Or has the complete output of krb5-config --libs gssapi
> to be in LDDLFLAGS?
>
No, I'd follow the logic of ExtUtils, so split all the -L, -R, -l stuff
into LIBS and the rest into LDDLFLAGS, together with the flags from
Config. In any case, if it doesn't work out for someone they can always
fine tune it by bypassing krb5-config using the precise arguments.
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Achim G. <per...@gr...> - 2006-02-09 17:03:34
|
On Thursday 09 February 2006 17:53, Merijn Broeren wrote: > Quoting Achim Grolms (per...@gr...): > > Find attached the patch of my solution. > > (Can you test if that works for you?) > > Will do tomorrow morning... BTW: if -L is present in krb5-config --libs gssapi (like in "-L/usr/lib -Wl,-rpath -Wl,/usr/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv") - has the -L/usr/lib to be passed to LDDLFLAGS too or it is ok to pass it only to LIBS (like my actual version does?) Or has the complete output of krb5-config --libs gssapi to be in LDDLFLAGS? Thank you, Achim |
|
From: Merijn B. <me...@il...> - 2006-02-09 16:53:45
|
Quoting Achim Grolms (per...@gr...):
>
> Find attached the patch of my solution.
> (Can you test if that works for you?)
>
Will do tomorrow morning...
>
> on some of my Testing platform its was a problem
> setting LDDFLAGS and ignoring Installationdefault from
> $Config{lddlflags}.
>
That makes sense.
That makes sense.
>
> if ($options{gssapi_lddlflags}) {
> push @LDDLFLAGS, 'LDDLFLAGS', $options{gssapi_lddlflags}
> }
>
> Do you agree?
>
Yes indeed.
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Achim G. <per...@gr...> - 2006-02-09 16:38:16
|
On Thursday 09 February 2006 10:29, Merijn Broeren wrote:
> > split the ouput of
> > kr5-config --libs gssapi
> >
> > to options that LIBS understands (@libs)
> > and options to passed to LLDDLFLAGS
> > (@others) or (@libs, @others)
>
> That would be a nice solution.
Find attached the patch of my solution.
(Can you test if that works for you?)
@Merijn:
on some of my Testing platform its was a problem
setting LDDFLAGS and ignoring Installationdefault from
$Config{lddlflags}.
So my setting of LDDFLAGS becomes
if ( @{$otherparm} > 0 ) {
my $lddflagstring = join ' ', $Config{lddlflags}, @{$otherparm};
print "\n using LDDLFLAGS $lddflagstring";
push @LDDLFLAGS, 'LDDLFLAGS', $lddflagstring ,
}
I think $Config{lddlflags} should be added to your
if ($options{gssapi_lddlflags}) {
push @LDDLFLAGS, 'LDDLFLAGS', $options{gssapi_lddlflags}
}
Do you agree?
Achim
|
|
From: Merijn B. <me...@il...> - 2006-02-09 13:38:57
|
Quoting Achim Grolms (per...@gr...):
> On Thursday 09 February 2006 10:29, Merijn Broeren wrote:
> > Quoting Achim Grolms (per...@gr...):
>
> > > split the ouput of
> > > kr5-config --libs gssapi
> > >
> > > to options that LIBS understands (@libs)
> > > and options to passed to LLDDLFLAGS
> > > (@others) or (@libs, @others)
> >
> > That would be a nice solution. I haven't actually looked at the code
> > that does the IGNOREing, it might let more pass then just -L.
>
> If you do so - please let me know if I have to change the RegEx
> ( m/(-[Ll][^ ]+)/)
>
> that divides the options into @LIBS and @LLDDLFLAGS.
>
Well, the code looks like this :
# Handle possible linker path arguments.
if ($thislib =~ s/^(-[LR]|-Wl,-R)//){ # save path flag type
my($ptype) = $1;
unless (-d $thislib){
warn "$ptype$thislib ignored, directory does not exist\n"
if $verbose;
next;
}
my($rtype) = $ptype;
if (($ptype eq '-R') or ($ptype eq '-Wl,-R')) {
if ($Config{'lddlflags'} =~ /-Wl,-R/) {
$rtype = '-Wl,-R';
} elsif ($Config{'lddlflags'} =~ /-R/) {
$rtype = '-R';
}
}
unless (File::Spec->file_name_is_absolute($thislib)) {
warn "Warning: $ptype$thislib changed to $ptype$pwd/$thislib\n";
$thislib = $self->catdir($pwd,$thislib);
}
push(@searchpath, $thislib);
push(@extralibs, "$ptype$thislib");
push(@ldloadlibs, "$rtype$thislib");
next;
}
# Handle possible library arguments.
unless ($thislib =~ s/^-l//){
warn "Unrecognized argument in LIBS ignored: '$thislib'\n";
next;
}
And I can think of several problems with this code. I'm not too thrilled
to see that it strips out runpaths that do not exist at the time of
configuration. This would be a very normal thing for me to do.
It alllow for -R and for -Wl,-R, so it should in my opinion also allow
for -Wl,-rpath -Wl,. But since it splits on space that might be a bit
more interesting. I'll send a mail to perl5-porters, see what they say.
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Achim G. <per...@gr...> - 2006-02-09 11:28:27
|
On Thursday 09 February 2006 10:29, Merijn Broeren wrote: > Quoting Achim Grolms (per...@gr...): > > split the ouput of > > kr5-config --libs gssapi > > > > to options that LIBS understands (@libs) > > and options to passed to LLDDLFLAGS > > (@others) or (@libs, @others) > > That would be a nice solution. I haven't actually looked at the code > that does the IGNOREing, it might let more pass then just -L. If you do so - please let me know if I have to change the RegEx ( m/(-[Ll][^ ]+)/) that divides the options into @LIBS and @LLDDLFLAGS. Thank you, Achim |
|
From: Merijn B. <me...@il...> - 2006-02-09 09:36:39
|
Quoting Achim Grolms (per...@gr...): > On Wednesday 08 February 2006 18:12, Merijn Broeren wrote: > > > But we might want to make this more forgiving, by only warning on > > GSS_S_FAILURE, not on GSS_S_NO_CONTEXT. ;-) > > Is gss_delete_sec_context() able to return GSS_S_FAILURE? > > <http://rfc.net/rfc2744.html> lists only > > GSS_S_COMPLETE and GSS_S_NO_CONTEXT? > rfc2744 is the C bindings. I was looking at this one: http://rfc.net/rfc2743.html#p53 So I say we should warn with the minor error on GSS_S_FAILURE. Cheers, -- Merijn Broeren | Sometime in the middle ages, God got fed up with us Software Geek | and put earth at sol.milky-way.univ in his kill-file. | Pray all you want, it just gets junked. |
|
From: Merijn B. <me...@il...> - 2006-02-09 09:29:45
|
Quoting Achim Grolms (per...@gr...):
> On Wednesday 08 February 2006 18:12, Merijn Broeren wrote:
>
> > if ( major == GSS_S_FAILURE) {
> > warn("failed gss_delete_sec_context() with unspecified error
> > in module Context.xs"); }
>
> Is there a need to put the minor error into the warning?
> (Makes the warning more specific, i think)
>
Yes, we should definetely do that...
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Merijn B. <me...@il...> - 2006-02-09 09:29:18
|
Quoting Achim Grolms (per...@gr...):
>
> My (first shot) idea was to pass the output of
>
> a)
>
> kr5-config --libs gssapi
>
> not only to LIBS but also to
>
>
> WriteMakefile(
> LIBS => join (' ', @GSSLIBS),
> LLDDLFLAGS => join (' ', @GSSLIBS),
> .
> .
> .
>
That will work, but you will get duplication on the link line (ugly) and
the warnings from MakeMaker about ignoring (ugly). So on grounds of
beauty I'd not be inclined to hack it that way.
> )
>
> or
>
> b)
>
> split the ouput of
> kr5-config --libs gssapi
>
> to options that LIBS understands (@libs)
> and options to passed to LLDDLFLAGS
> (@others) or (@libs, @others)
>
That would be a nice solution. I haven't actually looked at the code
that does the IGNOREing, it might let more pass then just -L. It would
be a good solution for everybody that uses krb5-config.
I still would like the specific overrides as well though :-)
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Achim G. <per...@gr...> - 2006-02-08 21:52:09
|
I have uploaded GSSAPI-0.15
(applied Merijn's Makefile.PL patch)
Thank you,
Achim
---------- Forwarded Message ----------
Subject: PAUSE indexer report AGROLMS/GSSAPI-0.15.tar.gz
Date: Wednesday 08 February 2006 22:42
From: PAUSE <up...@pa...>
The following report has been written by the PAUSE namespace indexer.
Please contact mo...@pe... if there are any open questions.
Id: mldistwatch 697 2006-01-18 07:33:13Z k
User: AGROLMS (Achim Grolms)
Distribution file: GSSAPI-0.15.tar.gz
Number of files: 20
*.pm files: 4
README: GSSAPI-0.15/README
META.yml: GSSAPI-0.15/META.yml
Timestamp of file: Wed Feb 8 20:59:09 2006 UTC
Time of this run: Wed Feb 8 21:42:32 2006 UTC
Status of this distro: OK
=========================
The following packages (grouped by status) have been found in the distro:
Status: Successfully indexed
============================
module: GSSAPI
version: 0.15
in file: GSSAPI-0.15/GSSAPI.pm
status: indexed
module: GSSAPI::OID
version: undef
in file: GSSAPI-0.15/GSSAPI/OID.pm
status: indexed
module: GSSAPI::OID::Set
version: undef
in file: GSSAPI-0.15/GSSAPI/OID/Set.pm
status: indexed
module: GSSAPI::Status
version: undef
in file: GSSAPI-0.15/GSSAPI/Status.pm
status: indexed
__END__
-------------------------------------------------------
|
|
From: Achim G. <per...@gr...> - 2006-02-08 20:21:56
|
On Wednesday 08 February 2006 18:12, Merijn Broeren wrote: > But we might want to make this more forgiving, by only warning on > GSS_S_FAILURE, not on GSS_S_NO_CONTEXT. ;-) Is gss_delete_sec_context() able to return GSS_S_FAILURE? <http://rfc.net/rfc2744.html> lists only GSS_S_COMPLETE and GSS_S_NO_CONTEXT? Achim |
|
From: Achim G. <per...@gr...> - 2006-02-08 19:33:58
|
On Wednesday 08 February 2006 18:12, Merijn Broeren wrote:
> if ( major == GSS_S_FAILURE) {
> warn("failed gss_delete_sec_context() with unspecified error
> in module Context.xs"); }
Is there a need to put the minor error into the warning?
(Makes the warning more specific, i think)
Achim
|
|
From: Achim G. <per...@gr...> - 2006-02-08 19:08:13
|
On Wednesday 08 February 2006 12:36, Merijn Broeren wrote:
> The second problem is more of an issue, the ignoring if the -Wl
> arguments.
I know, I am thinking on the same problem (ignored
linkerparameters)
> These are needed at link time, otherwise I don't get a proper
> runpath. I can set these using LDDLFLAGS as well as LIBS in
> WriteMakefile.
My (first shot) idea was to pass the output of
a)
kr5-config --libs gssapi
not only to LIBS but also to
WriteMakefile(
LIBS => join (' ', @GSSLIBS),
LLDDLFLAGS => join (' ', @GSSLIBS),
.
.
.
)
or
b)
split the ouput of
kr5-config --libs gssapi
to options that LIBS understands (@libs)
and options to passed to LLDDLFLAGS
(@others) or (@libs, @others)
(That makes the warning go away)
#--------------------------------------------
sub find_libs_in_krb5config_string {
my ( $confstringstring ) = @_;
my (@libs, @others);
foreach ( split ' ', $confstringstring ) {
if ( m/(-[Ll][^ ]+)/) {
push @libs, $1
} else {
push @others, $_;
}
}
return (\@libs, \@others);
}
#--------------------------------------------
Does this help with the 2nd problem?
|
|
From: Merijn B. <me...@il...> - 2006-02-08 17:12:39
|
I changed the code in Context.xs to look like this:
void
DESTROY(context)
GSSAPI::Context_opt context
PREINIT:
OM_uint32 minor;
OM_uint32 major;
CODE:
if (context != NULL) {
major = gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
if ( major == GSS_S_COMPLETE) {
warn("gss_delete_sec_context() complete in module Context.xs");
}
if ( major == GSS_S_NO_CONTEXT) {
warn("failed gss_delete_sec_context() with invalid context in module Context.xs");
}
if ( major == GSS_S_FAILURE) {
warn("failed gss_delete_sec_context() with unspecified error in module Context.xs");
}
}
so I could figure out what was going on.
turns out that my code looks like this in broad overview:
while (1) {
my $sec_context ;
...
$sec_context->DESTROY;
}
which means the DESTROY is called twice. Once by me explicitly and once
on destruction of the variable.
My server output now looks like this:
SERVER::waiting for request ...
SERVER::accepted connection from client ...
SERVER::received token (length is 459):
SERVER::authenticated client name is me...@is...
SERVER::Have mutual token to send ...
SERVER::GSS token size: 114
SERVER::sent token (length is 114)
gss_delete_sec_context() complete in module Context.xs at gss-server.pl line 159, <GEN3> line 1.
failed gss_delete_sec_context() with invalid context in module Context.xs at gss-server.pl line 159.
So my bad.
But we might want to make this more forgiving, by only warning on
GSS_S_FAILURE, not on GSS_S_NO_CONTEXT. ;-)
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
|
From: Merijn B. <me...@il...> - 2006-02-08 16:57:15
|
So this is the diff:
--- distro/xs/Context.xs Wed Feb 8 04:36:26 2006
+++ ../../0.12-1.4/src/distro/xs/Context.xs Fri Jul 1 10:21:34 2005
@@ -12,14 +12,9 @@
GSSAPI::Context_opt context
PREINIT:
OM_uint32 minor;
- OM_uint32 major;
CODE:
if (context != NULL) {
-
- major = gss_delete_sec_context(&minor, &context,
GSS_C_NO_BUFFER);
- if ( major != GSS_S_COMPLETE) {
- warn("failed gss_delete_sec_context() module
Context.xs");
- }
+ gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
}
That seems entirely reasonable, but guess what? This is what my test
server now does :
SERVER::waiting for request ...
SERVER::accepted connection from client ...
SERVER::received token (length is 459):
SERVER::authenticated client name is me...@is...
SERVER::Have mutual token to send ...
SERVER::GSS token size: 114
SERVER::sent token (length is 114)
failed gss_delete_sec_context() module Context.xs at gss-server.pl line 128.
and my test client too:
CLIENT::gss_init_sec_context success
CLIENT::going to identify client to server
CLIENT::have token to send ...
CLIENT::GSS token length is 459
CLIENT::sent token to server
CLIENT::Mutual auth requested ...
CLIENT::got mutual auth token from server
CLIENT::mutual auth token length is 114
CLIENT::gss_init_sec_context success
CLIENT::confirmed server identity from mutual token
CLIENT::authenticated server name is krbping/xx...@is...
failed gss_delete_sec_context() module Context.xs, <GEN0> line 1.
Mmmmmmmm. I shall be looking through the gssapi docs.
Googling gives me this tasty bit of code :
maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
if (maj_stat != GSS_S_COMPLETE) {
display_status("deleting context", maj_stat, min_stat);
(void) close(s);
(void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
return -1;
}
yummy. How very odd...
Other then that it all seems to be working without any issues. That's
something at least. :-)
Cheers,
--
Merijn Broeren | Sometime in the middle ages, God got fed up with us
Software Geek | and put earth at sol.milky-way.univ in his kill-file.
| Pray all you want, it just gets junked.
|
1 message has been excluded from this view by a project administrator.
