From: Steve Dickson <SteveD@redhat.com>
To: Simo Sorce <simo@redhat.com>
Cc: linux-nfs <linux-nfs@vger.kernel.org>,
"Günther Deschner" <gdeschne@redhat.com>
Subject: Re: Allow building nfs-utils directly against GSSAPI
Date: Tue, 02 Apr 2013 13:57:51 -0400 [thread overview]
Message-ID: <515B1C1F.6030907@RedHat.com> (raw)
In-Reply-To: <1364317202.2660.132.camel@willson.li.ssimo.org>
Again using git send-email to post your patches would make this
a lot easier... ;-)
On 26/03/13 13:00, Simo Sorce wrote:
> Libgssglue is not really useful anymore, it is a sort of middleman that
> wraps the actual GSSAPI that is already pluggable/extensible via shared
> modules.
>
> In particular libgssglue interferes with the workings of gss-proxy in my
> case.
>
> The attached patch makes building against libgssglue optional and
> defaults to not build against libgssglue and instead builds directly
> against the native GSSAPI.
>
> ./configure --enable-gss
> will now build against GSSAPI
>
> ./configure --enable-gss --with-gssglue
> will keep building against libgssglue in case someone still needs it for
> whatever reason.
>
in he first patch you define HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT
which is good:
--- a/aclocal/kerberos5.m4
+++ b/aclocal/kerberos5.m4
@@ -92,6 +92,8 @@ AC_DEFUN([AC_KERBEROS_V5],[
AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_free_lucid_sec_context,
+ AC_DEFINE(HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT, 1, [Define this if the Kerberos GSS library supports gss_krb5_free_lucid_sec_context]), ,$KRBLIBS)
dnl Check for newer error message facility
AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
But in the second patch you use a non-existent define HAVE_LIBGSSGLUE.
Why not just use HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT?
--- a/utils/gssd/gss_util.h
+++ b/utils/gssd/gss_util.h
@@ -42,4 +42,14 @@ void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat,
const gss_OID mech);
int gssd_check_mechs(void);
+#ifndef HAVE_LIBGSSGLUE
+#include <gssapi/gssapi_krb5.h>
+#define gss_free_lucid_sec_context(min, ctx, ret) \
+ gss_krb5_free_lucid_sec_context(min, ret)
+
+#define gss_export_lucid_sec_context gss_krb5_export_lucid_sec_context
+#define gss_set_allowable_enctypes(min, cred, oid, num, types) \
+ gss_krb5_set_allowable_enctypes(min, cred, num, types)
+#endif
+
Personally I like the way Alex handled this in his patch better..
steved.
next prev parent reply other threads:[~2013-04-02 17:57 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-26 17:00 Allow building nfs-utils directly against GSSAPI Simo Sorce
2013-03-27 14:43 ` Alex Dubov
2013-04-02 18:03 ` Steve Dickson
2013-04-02 19:16 ` Steve Dickson
2013-04-03 6:29 ` Alex Dubov
2013-04-02 17:57 ` Steve Dickson [this message]
2013-04-02 18:07 ` Simo Sorce
2013-04-02 19:10 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=515B1C1F.6030907@RedHat.com \
--to=steved@redhat.com \
--cc=gdeschne@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=simo@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).