OpenSSH-snap-20040212 and the use of krb5-config
Douglas E. Engert
deengert at anl.gov
Fri Feb 20 00:24:02 EST 2004
Darren Tucker wrote:
>
> Douglas E. Engert wrote:
> > More or less, but the new code uses
> > CPPFLAGS="$CPPFLAGS ${K5CFLAGS}/gssapi"
>
> What guarantee is there that K5CFLAGS will contain only
> "-I/path/to/includes?" What happens if it contains, eg,
> "-I/path/to/include -DSOME_FLAG"?
By the time MIT releases a new version of krb5-config, they should have
gssapi.h in the path, so the code in question to test for gssapi.h in the
sub directory will not be executed. The Heimdal code (as I understand) does
not have this problem, so does not execute this code.

If they did change the krb5-config to add some more flags, but did not
fix the gssapi.h not in the path, this code would fail. But I believe that
this is their bug, and they will fix it. This is bug 2240.

This problem is a moving target; my patch was designed to work with past
and future versions of krb5-config.
>
> > Which uses the output of the krb5-config --cflag i.e. -I/some/location/include
> > whereas the original uses
> > CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
> > The $KRB5ROOT may not be the same location as the output of krb5-config.
> >
> > The extra check is only executed if gssapi is not found in the expected place,
> > so when MIT fixes krb5-config so it finds the gssapi.h then the
> > extra check could be eliminated, and the tests could be combined.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
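
The question quoted above (what happens when K5CFLAGS holds more than a single -I option), as an added example that is not part of the original message, the patch, or OpenSSH's configure script. The function names are hypothetical and the K5CFLAGS values are constructed samples of `krb5-config --cflags` output; paths containing spaces are assumed not to occur.

```shell
#!/bin/sh
# Added illustration only; not OpenSSH's configure code.

# The form quoted in the thread: "${K5CFLAGS}/gssapi".
# The suffix lands on whatever token happens to come last.
naive_gssapi_cppflags() {
    printf '%s' "$1/gssapi"
}

# Token-wise alternative: emit -I<dir>/gssapi for every -I<dir>
# (attached or separated form) and ignore all other flags.
gssapi_include_flags() {
    gif_out=""
    gif_expect_dir=0
    for gif_tok in $1; do
        if [ "$gif_expect_dir" -eq 1 ]; then
            # Previous token was a bare "-I"; this one is its directory.
            gif_out="$gif_out -I$gif_tok/gssapi"
            gif_expect_dir=0
            continue
        fi
        case $gif_tok in
            -I)  gif_expect_dir=1 ;;
            -I*) gif_out="$gif_out -I${gif_tok#-I}/gssapi" ;;
            *)   ;;  # -D, -O, etc. carry no include directory
        esac
    done
    printf '%s' "${gif_out# }"
}

# Constructed sample values, one per line.
for sample in \
    "-I/path/to/include" \
    "-I/path/to/include -DSOME_FLAG" \
    "-DSOME_FLAG -I /path/to/include -I/other/include"
do
    printf 'K5CFLAGS : %s\n' "$sample"
    printf '  naive  : %s\n' "$(naive_gssapi_cppflags "$sample")"
    printf '  tokens : %s\n' "$(gssapi_include_flags "$sample")"
done
```

With the second sample the naive form yields `-DSOME_FLAG/gssapi`, so the gssapi subdirectory never reaches the include path.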