From patchwork Tue Mar 26 17:00:02 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simo Sorce X-Patchwork-Id: 2341651 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id A03C0DF264 for ; Tue, 26 Mar 2013 17:23:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752752Ab3CZRX5 (ORCPT ); Tue, 26 Mar 2013 13:23:57 -0400 Received: from mx1.redhat.com ([209.132.183.28]:60810 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751726Ab3CZRX5 (ORCPT ); Tue, 26 Mar 2013 13:23:57 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r2QHNurn022298 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 26 Mar 2013 13:23:56 -0400 Received: from [10.3.113.117] (ovpn-113-117.phx2.redhat.com [10.3.113.117]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id r2QH030r004022; Tue, 26 Mar 2013 13:00:05 -0400 Subject: Allow building nfs-utils directly against GSSAPI From: Simo Sorce To: linux-nfs Cc: Steve Dickson , =?ISO-8859-1?Q?G=FCnther?= Deschner Organization: Red Hat, Inc. Date: Tue, 26 Mar 2013 13:00:02 -0400 Message-ID: <1364317202.2660.132.camel@willson.li.ssimo.org> Mime-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Libgssglue is not really useful anymore, it is a sort of middleman that wraps the actual GSSAPI that is already pluggable/extensible via shared modules. In particular libgssglue interferes with the workings of gss-proxy in my case. The attached patch makes building against libgssglue optional and defaults to not build against libgssglue and instead builds directly against the native GSSAPI. ./configure --enable-gss will now build against GSSAPI ./configure --enable-gss --with-gssglue will keep building against libgssglue in case someone still needs it for whatever reason. Simo. From 34ce971b090b50b0f6a18754f106ad8d2e90e9e2 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 26 Mar 2013 11:11:41 -0400 Subject: [PATCH 3/3] Switch to use standard GSSAPI by default Make libgssglue configurable still but disabled by default. There is no reason to use libgssglue anymore, and modern gssapi supports all needed features for nfs-utils. Signed-off-by: Simo Sorce --- aclocal/kerberos5.m4 | 4 ++++ aclocal/rpcsec_vers.m4 | 7 ++++++- configure.ac | 9 +++++++++ utils/gssd/Makefile.am | 12 ++++++------ 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4 index ef37e28a11cad7552074b99a7805cd16b227cec8..0bf35d3fddb57a0b977a87f90063cf4500ce377d 100644 --- a/aclocal/kerberos5.m4 +++ b/aclocal/kerberos5.m4 @@ -32,6 +32,8 @@ AC_DEFUN([AC_KERBEROS_V5],[ if test "$K5CONFIG" != ""; then KRBCFLAGS=`$K5CONFIG --cflags` KRBLIBS=`$K5CONFIG --libs` + GSSKRB_CFLAGS=`$K5CONFIG --cflags gssapi` + GSSKRB_LIBS=`$K5CONFIG --libs gssapi` K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) if test -f $dir/include/gssapi/gssapi_krb5.h -a \ @@ -113,5 +115,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ AC_SUBST([KRBCFLAGS]) AC_SUBST([KRBLDFLAGS]) AC_SUBST([K5VERS]) + AC_SUBST([GSSKRB_CFLAGS]) + AC_SUBST([GSSKRB_LIBS]) ]) diff --git a/aclocal/rpcsec_vers.m4 b/aclocal/rpcsec_vers.m4 index 8218372ceaeef3591a064c5bd906fffade0cd578..11d2f18cb241c51c31c5921a342e5ec935e7de84 100644 --- a/aclocal/rpcsec_vers.m4 +++ b/aclocal/rpcsec_vers.m4 @@ -1,7 +1,12 @@ dnl Checks librpcsec version AC_DEFUN([AC_RPCSEC_VERSION], [ - PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) + AC_ARG_WITH([gssglue], + [AC_HELP_STRING([--with-gssglue], [Use libgssglue for GSS support])]) + if test x"$with_gssglue" = x"yes"; then + PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) + AC_CHECK_LIB([gssglue], [gss_set_allowable_enctypes]) + fi dnl TI-RPC replaces librpcsecgss if test "$enable_tirpc" = no; then diff --git a/configure.ac b/configure.ac index cc7f3b4b4933c218d2e4cab7369ba5c1afc4e4d7..3d7ab0a2669d33c3cece1844b7eb53f2c1e3f68a 100644 --- a/configure.ac +++ b/configure.ac @@ -344,6 +344,15 @@ if test "$enable_gss" = yes; then dnl but we need to make sure we get the right version if test "$enable_gss" = yes; then AC_RPCSEC_VERSION + if test x"$GSSGLUE_LIBS" != x""; then + GSSAPI_CFLAGS=$GSSGLUE_CFLAGS + GSSAPI_LIBS=$GSSGLUE_LIBS + else + GSSAPI_CFLAGS=$GSSKRB_CFLAGS + GSSAPI_LIBS=$GSSKRB_LIBS + fi + AC_SUBST([GSSAPI_CFLAGS]) + AC_SUBST([GSSAPI_LIBS]) fi fi diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am index 2365704c5db9b15d17f42b75adcb17f07f7e216f..a300da2b042baf9b14b77899d6419461a2e615d5 100644 --- a/utils/gssd/Makefile.am +++ b/utils/gssd/Makefile.am @@ -38,11 +38,11 @@ gssd_SOURCES = \ write_bytes.h gssd_LDADD = ../../support/nfs/libnfs.a \ - $(RPCSECGSS_LIBS) $(GSSGLUE_LIBS) $(KRBLIBS) + $(RPCSECGSS_LIBS) $(KRBLIBS) $(GSSAPI_LIBS) gssd_LDFLAGS = $(KRBLDFLAGS) $(LIBTIRPC) gssd_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ - $(RPCSECGSS_CFLAGS) $(GSSGLUE_CFLAGS) $(KRBCFLAGS) + $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) svcgssd_SOURCES = \ $(COMMON_SRCS) \ @@ -57,18 +57,18 @@ svcgssd_SOURCES = \ svcgssd_LDADD = \ ../../support/nfs/libnfs.a \ - $(RPCSECGSS_LIBS) $(GSSGLUE_LIBS) $(LIBNFSIDMAP) \ - $(KRBLIBS) $(LIBTIRPC) + $(RPCSECGSS_LIBS) $(LIBNFSIDMAP) \ + $(KRBLIBS) $(GSSAPI_LIBS) $(LIBTIRPC) svcgssd_LDFLAGS = $(KRBLDFLAGS) svcgssd_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ - $(RPCSECGSS_CFLAGS) $(GSSGLUE_CFLAGS) $(KRBCFLAGS) + $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) gss_clnt_send_err_SOURCES = gss_clnt_send_err.c gss_clnt_send_err_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ - $(RPCSECGSS_CFLAGS) $(GSSGLUE_CFLAGS) $(KRBCFLAGS) + $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) MAINTAINERCLEANFILES = Makefile.in -- 1.8.1.4