Looking for GSSAPI expertise, particularly GSSAPI_HEIMDAL porting of newer security/PuTTY 0.77
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 02 Jun 2022 17:46:04 UTC
Greetings, I am the maintainer of the security/putty and putty-nogtk ports, and the upstream maintainer recently (between 0.76 and 0.77) switched build system from autoconf to cmake, and now we're a bit trying to fix up the broken bits and pieces (aka fallout) that caused me to disable GSSAPI_BASE and GSSAPI_HEIMDAL for now. Specifically, is there someone who has some time at hands to point me to good GSSAPI practical coding guides, or has even more time so we can go over particular issues hands-on, with IRC or some other chat software? Issues I am currently facing: 1. GSSAPI_BASE - we have an upstream patch that might make things work, but executables only end up with libgssapi.so in addition to other libs, but no gssapi_krb5, roken, crypto, ... (in stark contrast to what I am getting with the security/krb5 port based build with GSSAPI_MIT). 2. test system where I can obtain a Kerberos ticket with kinit and log in to an unprivileged SSH account and possibly test GSSAPI credential delegation. 3. GSSAPI_HEIMDAL - apparently we now get clashes between application-local headers and Heimdal library headers: > FAILED: ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o /usr/local/libexec/ccache/cc -DHAVE_CMAKE_H -I/usr/ports/security/putty/work/putty-0.77/charset -I/usr/local/include/gtk-3.0 -I/usr/local/include/pango-1.0 -I/usr/local/include -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/harfbuzz -I/usr/local/include/freetype2 -I/usr/local/include/libpng16 -I/usr/local/include/fribidi -I/usr/local/include/cairo -I/usr/local/include/pixman-1 -I/usr/local/include/gdk-pixbuf-2.0 -I/usr/local/include/gio-unix-2.0 -I/usr/local/include/libepoll-shim -I/usr/local/include/atk-1.0 -I/usr/local/include/at-spi2-atk/2.0 -I/usr/local/include/dbus-1.0 -I/usr/local/lib/dbus-1.0/include -I/usr/local/include/at-spi-2.0 -I/usr/local/include/heimdal -I/usr/ports/security/putty/work/putty-0.77 -I/usr/ports/security/putty/work/.build/CMakeFiles -I/usr/ports/security/putty/work/putty-0.77/unix -I/usr/ports/security/putty/work/putty-0.77/terminal -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -I/usr/local/include/heimdal -MD -MT ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o -MF ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o.d -o ssh/CMakeFiles/sshcommon.dir/pgssapi.c.o -c /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c > /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: error: expected identifier or '(' > const_gss_OID GSS_C_NT_USER_NAME = oids+0; > ^ > /usr/local/include/heimdal/gssapi/gssapi.h:291:29: note: expanded from macro 'GSS_C_NT_USER_NAME' > #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc) > ^ > /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: error: expected ')' > /usr/local/include/heimdal/gssapi/gssapi.h:291:29: note: expanded from macro 'GSS_C_NT_USER_NAME' > #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc) > ^ > /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:90:15: note: to match this '(' > /usr/local/include/heimdal/gssapi/gssapi.h:291:28: note: expanded from macro 'GSS_C_NT_USER_NAME' > #define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc) > ^ > /usr/ports/security/putty/work/putty-0.77/ssh/pgssapi.c:91:15: error: expected identifier or '(' > const_gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1; > ^ TIA. Regards, Matthias