krb5-1.3.1 and fetchmail 6.2.5
Globe Trotter
itsme_410 at yahoo.com
Wed Nov 26 21:55:26 UTC 2003
Thanks, Nalin! I tried it out but when I now run configure, I get the
following:
.....
You can ignore any makedepend error messages:
makedepend: warning: /usr/include/gnu/stubs.h: non-portable whitespace
encountered at line 7
makedepend: warning: driver.c (reading /usr/include/krb5.h), line 143: #error
undefined 16 bit type
makedepend: warning: driver.c (reading /usr/include/krb5.h), line 156: #error:
undefined 32 bit type
makedepend: warning: driver.c (reading kerberos.h, line 14): cannot find
include file "com_err.h"
not in /usr/local/lib/gcc-include/com_err.h
not in /usr/include/com_err.h
not in /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/include/com_err.h
Is this because my version for fetchmail is 6.2.5 rather than 6.2.0. Are these
serious errors? What should I do?
Thanks and best wishes!!
--- Nalin Dahyabhai <nalin at redhat.com> wrote:
> On Tue, Nov 25, 2003 at 02:25:17PM -0800, Globe Trotter wrote:
> > I looked up the fetchmail-friends archive -- could not find it. So if
> > you could send me the patch, that would be very helpful!
>
> Sure thing. I'm also attaching a patch which fixes a
> standards-compliance bug which breaks fetchmail's use of GSSAPI for POP.
>
> Each can be applied by running "patch -sp1 < PATCHFILE" from the top
> level of the fetchmail source tree, and then running 'autoconf' to
> regenerate the configure script using the patched configure.in files.
>
> Cheers,
>
> Nalin
> > Use krb5-config, when available. Detect if krb5 is using the system
version
> of com_err, and if krb5-config knows about krb4 stuff.
>
> --- fetchmail-6.2.0/configure.in 2002-11-12 12:22:11.000000000 -0500
> +++ fetchmail-6.2.0/configure.in 2002-12-13 16:47:50.000000000 -0500
> @@ -434,6 +434,17 @@
> AC_DEFINE(KERBEROS_V5)
> CEFLAGS="$CEFLAGS -I/usr/include/kerberosV"
> LIBS="$LIBS -lasn1 -lkrb5 -lcom_err -lkafs"
> +elif krb5-config 2> /dev/null >/dev/null ; then
> + krb5_prefix=`krb5-config --prefix krb5`
> + AC_MSG_RESULT([krb5-config points to kerberosV under $krb5_prefix])
> + if test -f ${krb5_prefix}/include/et/com_err.h && \
> + ! test -f ${krb5_prefix}/include/com_err.h ; then
> + CEFLAGS="$CEFLAGS -I${krb5_prefix}/include/et"
> + fi
> + unset krb5_prefix
> + CEFLAGS="$CEFLAGS `krb5-config --cflags krb5`"
> + LIBS="$LIBS `krb5-config --libs krb5`"
> + AC_DEFINE(KERBEROS_V5)
> else
> if test "$with_kerberos5" != "yes"
> then
> @@ -509,6 +520,23 @@
> AC_DEFINE(KERBEROS_V4)
> CEFLAGS="$CEFLAGS -I/usr/include/kerberosIV"
> LIBS="$LIBS -lkrb -ldes"
> +elif krb4-config 2> /dev/null >/dev/null ; then
> + krb4_prefix=`krb4-config --prefix`
> + AC_MSG_RESULT([krb4-config points to kerberosIV under $krb4_prefix])
> + unset krb4_prefix
> + CEFLAGS="$CEFLAGS `krb4-config --cflags`"
> + LIBS="$LIBS `krb4-config --libs`"
> + AC_DEFINE(KERBEROS_V4)
> +elif krb5-config 2> /dev/null >/dev/null ; then
> + krb4_prefix=`krb5-config --prefix krb4`
> + AC_MSG_RESULT([krb5-config points to kerberosIV under $krb4_prefix])
> + if test -f ${krb4_prefix}/include/kerberosIV/krb.h ; then
> + AC_DEFINE(KERBEROS_V4_V5)
> + fi
> + unset krb4_prefix
> + CEFLAGS="$CEFLAGS `krb5-config --cflags krb4`"
> + LIBS="$LIBS `krb5-config --libs krb4`"
> + AC_DEFINE(KERBEROS_V4)
> else
> #we need to detect when we're building under a kerberosV compatibility
> #layer, btw...
> --- fetchmail-6.2.0/acconfig.h 2003-11-13 11:25:12.000000000 -0500
> +++ fetchmail-6.2.0/acconfig.h 2003-11-13 11:25:07.000000000 -0500
> @@ -125,6 +125,9 @@
> /* Define if you have Kerberos V5 */
> #undef KERBEROS_V5
>
> +/* Define if you have Kerberos V4 headers under a kerberosIV directory */
> +#undef KERBEROS_V4_V5
> +
> /* Define if you have HEIMDAL kerberos 5 */
> #undef HEIMDAL
>
> --- fetchmail-6.2.0/kerberos.h 2003-11-13 11:24:52.000000000 -0500
> +++ fetchmail-6.2.0/kerberos.h 2003-11-13 11:24:46.000000000 -0500
> @@ -15,14 +15,19 @@
> #endif
>
> #ifdef KERBEROS_V4
> -# if defined (__bsdi__)
> -# include <des.h> /* order of includes matters */
> -# define krb_get_err_text(e) (krb_err_txt[e])
> -# endif
> -# include <krb.h>
> -# if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__)
> -# define krb_get_err_text(e) (krb_err_txt[e])
> -# include <des.h>
> +# ifdef KERBEROS_V4_V5
> +# include <kerberosIV/krb.h>
> +# include <kerberosIV/des.h>
> +# else
> +# if defined (__bsdi__)
> +# include <des.h> /* order of includes matters */
> +# define krb_get_err_text(e) (krb_err_txt[e])
> +# endif
> +# include <krb.h>
> +# if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__)
> +# define krb_get_err_text(e) (krb_err_txt[e])
> +# include <des.h>
> +# endif
> # endif
> #endif
>
> > Actually check for strong authentication methods if the user specified that
> one should be used, and when performing GSSAPI authentication to a POP
> server,
> use "pop" as the service name, per RFC1734.
>
> --- fetchmail-6.2.0/fetchmail.h 2003-11-14 14:51:56.000000000 -0500
> +++ fetchmail-6.2.0/fetchmail.h 2003-11-14 14:52:27.000000000 -0500
> @@ -584,7 +584,7 @@
> /* authentication functions */
> int do_cram_md5(int sock, char *command, struct query *ctl, char *strip);
> int do_rfc1731(int sock, char *command, char *truename);
> -int do_gssauth(int sock, char *command, char *hostname, char *username);
> +int do_gssauth(int sock, char *command, char *service, char *hostname, char
> *username);
> int do_otp(int sock, char *command, struct query *ctl);
>
> /* miscellanea */
> --- fetchmail-6.2.0/gssapi.c 2003-11-14 14:53:04.000000000 -0500
> +++ fetchmail-6.2.0/gssapi.c 2003-11-14 14:53:00.000000000 -0500
> @@ -38,7 +38,7 @@
> #define GSSAUTH_P_INTEGRITY 2
> #define GSSAUTH_P_PRIVACY 4
>
> -int do_gssauth(int sock, char *command, char *hostname, char *username)
> +int do_gssauth(int sock, char *command, char *service, char *hostname, char
> *username)
> {
> gss_buffer_desc request_buf, send_token;
> gss_buffer_t sec_token;
> @@ -53,7 +53,7 @@
> int result;
>
> /* first things first: get an imap ticket for host */
> - sprintf(buf1, "imap@%s", hostname);
> + sprintf(buf1, "%s@%s", service, hostname);
> request_buf.value = buf1;
> request_buf.length = strlen(buf1) + 1;
> maj_stat = gss_import_name(&min_stat, &request_buf,
> GSS_C_NT_HOSTBASED_SERVICE,
> --- fetchmail-6.2.0/imap.c 2003-11-14 14:53:17.000000000 -0500
> +++ fetchmail-6.2.0/imap.c 2003-11-14 14:53:13.000000000 -0500
> @@ -332,7 +332,7 @@
> if ((ctl->server.authenticate == A_ANY
> || ctl->server.authenticate == A_GSSAPI)
> && strstr(capabilities, "AUTH=GSSAPI"))
> - if(ok = do_gssauth(sock, "AUTHENTICATE", ctl->server.truename,
> ctl->remotename))
> + if(ok = do_gssauth(sock, "AUTHENTICATE", "imap", ctl->server.truename,
> ctl->remotename))
> {
> /* SASL cancellation of authentication */
> gen_send(sock, "*");
> --- fetchmail-6.2.0/pop3.c 2003-11-14 15:07:43.000000000 -0500
> +++ fetchmail-6.2.0/pop3.c 2003-11-14 15:09:42.000000000 -0500
> @@ -199,7 +199,12 @@
> * These authentication methods are blessed by RFC1734,
> * describing the POP3 AUTHentication command.
> */
> - if (ctl->server.authenticate == A_ANY)
> + if ((ctl->use_ssl != FLAG_FALSE) ||
> + (ctl->server.authenticate == A_ANY) ||
> + (ctl->server.authenticate == A_GSSAPI) ||
> + (ctl->server.authenticate == A_KERBEROS_V4) ||
> + (ctl->server.authenticate == A_OTP) ||
> + (ctl->server.authenticate == A_CRAM_MD5))
> {
> ok = gen_transact(sock, "CAPA");
> if (ok == PS_SUCCESS)
> @@ -305,7 +310,7 @@
> (ctl->server.authenticate == A_GSSAPI ||
> ctl->server.authenticate == A_ANY))
> {
> - ok = do_gssauth(sock,"AUTH",ctl->server.truename,ctl->remotename);
> + ok =
> do_gssauth(sock,"AUTH","pop",ctl->server.truename,ctl->remotename);
> if (ok == PS_SUCCESS || ctl->server.authenticate != A_ANY)
> break;
> }
>
__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/
More information about the fedora-list
mailing list