| Message ID | 20231025180141.416189-1-pvorel@suse.cz (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/1] libtirpc: Add detection for new rpc_gss_sec members | expand |
Hello, On 10/25/23 2:01 PM, Petr Vorel wrote: > From: Petr Vorel<petr.vorel@gmail.com> > > 4b272471 started to use struct rpc_gss_sec member minor_status, which > was added in new libtirpc 1.3.4. Add check for the member to prevent > failure on older libtirpc headers. > > Fixes: 4b272471 ("gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials") > Signed-off-by: Petr Vorel<pvorel@suse.cz> > --- > aclocal/libtirpc.m4 | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4 > index bddae022..dd351722 100644 > --- a/aclocal/libtirpc.m4 > +++ b/aclocal/libtirpc.m4 > @@ -25,6 +25,10 @@ AC_DEFUN([AC_LIBTIRPC], [ > [AC_DEFINE([HAVE_LIBTIRPC_SET_DEBUG], [1], > [Define to 1 if your tirpc library provides libtirpc_set_debug])],, > [${LIBS}])]) > + AS_IF([test "$enable_gss" = "yes"], > + [AC_CHECK_MEMBER(struct rpc_gss_sec.minor_status,, > + [AC_MSG_ERROR([Missing rpc_gss_sec.minor_status in <rpc/auth_gss.h>, update libtirpc or run with --disable-gss])], > + [#include <rpc/auth_gss.h>])]) > > AC_SUBST([AM_CPPFLAGS]) > AC_SUBST(LIBTIRPC) > -- 2.42.0 > This does not work... since it is looking at that gssrpc/auth_gss.h instead of the tirpc/rpc/auth_gss.h so the check fails I like the idea of having the check, but I'm not sure on how to point it in the right direction. steved.
Hi Steve, Thanks for having a look. > Hello, > On 10/25/23 2:01 PM, Petr Vorel wrote: > > From: Petr Vorel<petr.vorel@gmail.com> > > 4b272471 started to use struct rpc_gss_sec member minor_status, which > > was added in new libtirpc 1.3.4. Add check for the member to prevent > > failure on older libtirpc headers. > > Fixes: 4b272471 ("gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials") > > Signed-off-by: Petr Vorel<pvorel@suse.cz> > > --- > > aclocal/libtirpc.m4 | 4 ++++ > > 1 file changed, 4 insertions(+) > > diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4 > > index bddae022..dd351722 100644 > > --- a/aclocal/libtirpc.m4 > > +++ b/aclocal/libtirpc.m4 > > @@ -25,6 +25,10 @@ AC_DEFUN([AC_LIBTIRPC], [ > > [AC_DEFINE([HAVE_LIBTIRPC_SET_DEBUG], [1], > > [Define to 1 if your tirpc library provides libtirpc_set_debug])],, > > [${LIBS}])]) > > + AS_IF([test "$enable_gss" = "yes"], > > + [AC_CHECK_MEMBER(struct rpc_gss_sec.minor_status,, > > + [AC_MSG_ERROR([Missing rpc_gss_sec.minor_status in <rpc/auth_gss.h>, update libtirpc or run with --disable-gss])], > > + [#include <rpc/auth_gss.h>])]) > > AC_SUBST([AM_CPPFLAGS]) > > AC_SUBST(LIBTIRPC) > > -- 2.42.0 > This does not work... since it is looking at that gssrpc/auth_gss.h > instead of the tirpc/rpc/auth_gss.h so the check fails Is it? There is no <gssrpc/auth_gss.h>. I suppose you test on some recent Fedora, I'll retest it. I tested it on openSUSE Tumbleweed, where libtirpc-devel is installed into /usr/include/rpc/, thus /usr/include/rpc/auth_gss.h exists. But on Debian (and likely on RHEL/Fedora as you noticed it) is on /usr/include/tirpc/rpc/auth_gss.h. I hoped that this is handled elsewhere via -I/usr/include/tirpc. So, I'm really confused why would have look at <gssrpc/auth_gss.h>. Kind regards, Petr > I like the idea of having the check, but I'm not sure on > how to point it in the right direction. > steved.
On 11/13/23 1:30 PM, Petr Vorel wrote: > Hi Steve, > > Thanks for having a look. > >> Hello, > >> On 10/25/23 2:01 PM, Petr Vorel wrote: >>> From: Petr Vorel<petr.vorel@gmail.com> > >>> 4b272471 started to use struct rpc_gss_sec member minor_status, which >>> was added in new libtirpc 1.3.4. Add check for the member to prevent >>> failure on older libtirpc headers. > >>> Fixes: 4b272471 ("gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials") >>> Signed-off-by: Petr Vorel<pvorel@suse.cz> >>> --- >>> aclocal/libtirpc.m4 | 4 ++++ >>> 1 file changed, 4 insertions(+) > >>> diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4 >>> index bddae022..dd351722 100644 >>> --- a/aclocal/libtirpc.m4 >>> +++ b/aclocal/libtirpc.m4 >>> @@ -25,6 +25,10 @@ AC_DEFUN([AC_LIBTIRPC], [ >>> [AC_DEFINE([HAVE_LIBTIRPC_SET_DEBUG], [1], >>> [Define to 1 if your tirpc library provides libtirpc_set_debug])],, >>> [${LIBS}])]) >>> + AS_IF([test "$enable_gss" = "yes"], >>> + [AC_CHECK_MEMBER(struct rpc_gss_sec.minor_status,, >>> + [AC_MSG_ERROR([Missing rpc_gss_sec.minor_status in <rpc/auth_gss.h>, update libtirpc or run with --disable-gss])], >>> + [#include <rpc/auth_gss.h>])]) >>> AC_SUBST([AM_CPPFLAGS]) >>> AC_SUBST(LIBTIRPC) >>> -- 2.42.0 > >> This does not work... since it is looking at that gssrpc/auth_gss.h >> instead of the tirpc/rpc/auth_gss.h so the check fails > Is it? There is no <gssrpc/auth_gss.h>. I suppose you test on some recent > Fedora, I'll retest it. Yes... this is both an /usr/include/tirpc/rpc/auth_gss.h owned by krb5-devel and /usr/include/tirpc/rpc/auth_gss.h owned by libtirpc-devel > > I tested it on openSUSE Tumbleweed, where libtirpc-devel is > installed into /usr/include/rpc/, thus /usr/include/rpc/auth_gss.h exists. > But on Debian (and likely on RHEL/Fedora as you noticed it) is on > /usr/include/tirpc/rpc/auth_gss.h. Maybe krb5-devel was not installed?? > > I hoped that this is handled elsewhere via -I/usr/include/tirpc. > So, I'm really confused why would have look at <gssrpc/auth_gss.h>. True, but I think -I only works during compilation, not configuration. steved. > > Kind regards, > Petr > >> I like the idea of having the check, but I'm not sure on >> how to point it in the right direction. > >> steved. >
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4 index bddae022..dd351722 100644 --- a/aclocal/libtirpc.m4 +++ b/aclocal/libtirpc.m4 @@ -25,6 +25,10 @@ AC_DEFUN([AC_LIBTIRPC], [ [AC_DEFINE([HAVE_LIBTIRPC_SET_DEBUG], [1], [Define to 1 if your tirpc library provides libtirpc_set_debug])],, [${LIBS}])]) + AS_IF([test "$enable_gss" = "yes"], + [AC_CHECK_MEMBER(struct rpc_gss_sec.minor_status,, + [AC_MSG_ERROR([Missing rpc_gss_sec.minor_status in <rpc/auth_gss.h>, update libtirpc or run with --disable-gss])], + [#include <rpc/auth_gss.h>])]) AC_SUBST([AM_CPPFLAGS]) AC_SUBST(LIBTIRPC)