Hello,
I sent the following e-mail long time ago, but didn't receive any
response. Most likely it was lost on the way somehow. I'm trying
again now.
I'm writing a free Kerberos 5 and GSS-API implementation, and thought
it might be a good idea to test how well it works by making fetchmail
use my library instead of Heimdal/MIT. As it turned out, I didn't
have to make many modifications. My ego credit my own projects for
that, but I guess fetchmail deserve some credit for being nicely
written... take your pick. :-)
Anyway, here is a patch (against fetchmail 6.2.5) to detect and use
GSS when it is installed. I perceived the intention with the current
configure.in snippet with regards to selecting Heimdal vs MIT was to
use the least common implementation, if it is installed. I think that
is a wise policy, as it probably leads to least surprises for users:
with the current fetchmail logic, if users have both Heimdal and MIT
installed, Heimdal is used. So the logic, with this patch, is for
users with all of GSS, Heimdal and MIT installed, is to use GSS. Of
course, in all cases, if a user only have one implementation
installed, that one is used.
The patch is made with --ignore-all-space to simplify review. You
might want to re-indent the if-case after applying it.
I couldn't find any ChangeLog file (or equivalent), and I don't know
if you prefer to have patches accompanied with NEWS entries, but here
is a proposed NEWS entry in any case:
* The GSSAPI support can now use the GNU Generic Security library
<http://www.gnu.org/software/gss/> as well.
I hope you find the time to look at the patch, and to hopefully even
add it to the standard distribution. If there is anything I can do to
improve the patch, I'll be happy to.
FWIW, I have tested this against a Heimdal KDC and a Cyrus IMAPD at my
university, and it appears to work. I have only tried 3DES Kerberos
keys.
Thanks,
Simon
[1] <http://www.gnu.org/software/shishi>, <http://www.gnu.org/software/gss>
diff --exclude fetchmail.pot --exclude configure --exclude aclocal.m4 -urw
t/fetchmail-6.2.5/configure.in fetchmail-6.2.5/configure.in
--- t/fetchmail-6.2.5/configure.in 2003-10-10 10:36:57.000000000 +0200
+++ fetchmail-6.2.5/configure.in 2003-12-31 22:38:47.000000000 +0100
@@ -704,6 +704,9 @@
LDFLAGS="$LDFLAGS -L$with_gssapi/lib"
fi
+ AC_CHECK_LIB(gss, gss_check_version, LIBS="$LIBS -lgss", nogss=t)
+ if test -n "$nogss"
+ then
if test -f "$with_gssapi/include/roken.h"
then
LIBS="$LIBS -lkrb5 -lasn1 -ldes -lroken -ldb -ldl"
@@ -714,10 +717,11 @@
AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,LIBS="$LIBS -lgssapi_krb5",
AC_MSG_ERROR([could not find libgssapi_krb5 which is needed
for GSSAPI support]), -lkrb5)
fi
+ fi
AC_DEFINE(GSSAPI)
save_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I$with_gssapi/include"
- AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h gssapi/gssapi_generic.h)
+ AC_CHECK_HEADERS(gss.h gssapi.h gssapi/gssapi.h gssapi/gssapi_generic.h)
if test "$ac_cv_header_gssapi_h" = "yes"; then
AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h,
AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE))
else
diff --exclude fetchmail.pot --exclude configure --exclude aclocal.m4 -urw
t/fetchmail-6.2.5/gssapi.c fetchmail-6.2.5/gssapi.c
--- t/fetchmail-6.2.5/gssapi.c 2003-07-17 03:03:22.000000000 +0200
+++ fetchmail-6.2.5/gssapi.c 2003-12-31 22:38:39.000000000 +0100
@@ -21,6 +21,9 @@
#include <netinet/in.h> /* for htonl/ntohl */
#ifdef GSSAPI
+# ifdef HAVE_GSS_H
+# include <gss.h>
+# else
# ifdef HAVE_GSSAPI_H
# include <gssapi.h>
# endif
@@ -33,6 +36,7 @@
# ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
# endif
+# endif
#define GSSAUTH_P_NONE 1
#define GSSAUTH_P_INTEGRITY 2
_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends