bugzilla-daemon at mindrot.org
2007-Jan-17 16:59 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276
Summary: Link stage fails when gssapi exists
Product: Portable OpenSSH
Version: v4.5p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at mindrot.org
ReportedBy: jengelh at gmx.de
Hello,
there is a problem with OpenSSH 4.5p1 (dates back to 4.2 IIRC) where
configure, if called with `configure --enable-kerberos5=/usr`, will
incorrectly determine the libraries to be linked into the final
binaries
on openSUSE 10.2 (and before) when /usr/lib/libgssapi* exists, i.e. the
libgssapi.rpm package is installed. krb5 and krb5-devel are installed
to. I suppose this problem also surfaces on other distributions.
configure output is:
checking for gss_init_sec_context in -lgssapi... yes
but actually compiling and linking the program suite yields:
gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o
auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o
monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o
gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o
md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat/
-L/usr/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz
-lnsl -lcrypt -lgssapi -lkrb5 -lk5crypto -lcom_err
gss-serv-krb5.o: In function `ssh_gssapi_krb5_storecreds':
/usr/src/packages/BUILD/openssh-4.5p1/gss-serv-krb5.c:164: undefined
reference to `gss_krb5_copy_ccache'
collect2: ld returned 1 exit status
make: *** [sshd] Error 1
This missing function is defined in libgssapi_krb5. I think the problem
behind this is that gss_init_sec_context, which is used in
the configure{,.ac} test is present in both:
$ readelf -a /usr/lib/libgssapi.so | grep init_sec
73: 00003cb0 551 FUNC GLOBAL DEFAULT 11
gss_init_sec_context@@libgssapi_CITI_2
$ readelf -a /usr/lib/libgssapi_krb5.so | grep init_sec
...
183: 00009b00 617 FUNC GLOBAL DEFAULT 11
gss_init_sec_context@@gssapi_krb5_2_MIT
While gss_krb5_copy_cache is only in the latter:
$ readelf -a /usr/lib/libgssapi.so | grep gss_krb5_copy_ccache
$ readelf -a /usr/lib/libgssapi_krb5.so | grep gss_krb5_copy_ccache
196: 0001d680 136 FUNC GLOBAL DEFAULT 11
gss_krb5_copy_ccache@@gssapi_krb5_2_MIT
Googling turns up
http://marc2.theaimsgroup.com/?l=secure-shell&m=112109538913024&w=2
but I doubt my gssapi is "old", as this is a default openSUSE install
and I am quite "clean" (gssapi _is_ under rpm control).
Here is a patch that "fixes" it for me:
<attachment>
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2007-Jan-17 17:00 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276 ------- Comment #1 from jengelh at gmx.de 2007-01-18 04:00 ------- Created an attachment (id=1226) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1226&action=view) proposed fix ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2007-Jan-22 01:39 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276 ------- Comment #2 from djm at mindrot.org 2007-01-22 12:39 ------- (From update of attachment 1226) from the patch:>- K5LIBS="-lgssapi $K5LIBS"; echo SCREW THE WORLD; ],On some days I agree with this sentiment, but I'm not certain that this is a pristine OpenSSH source :) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2007-Jan-22 11:04 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276
jengelh at gmx.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1226 is|0 |1
obsolete| |
------- Comment #3 from jengelh at gmx.de 2007-01-22 22:04 -------
Created an attachment (id=1233)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1233&action=view)
-
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
- SNAP-20040216 configure mangles krb5-config output
- OpenSSH 4.7p1, AIX 5.2, with IBM Kerberos = No Joy.
- [Bug 2080] New: Add debug statements for gss_krb5_copy_ccache
- [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)