Coda File System

coda+Windows+Kerberos - success story

From: M.Kondrin <mkondrin_at_hppi.troitsk.ru>
Date: Wed, 16 Mar 2005 21:28:59 +0300
Hello!
I have done this, although without MIT_Kerberos. There is a problem when
linking against it: the resulting code depends on both cygwin1.dll and
msvcrt.dll, which is wrong according to the cygwin faq.
So I started playing with heimdal kerberos. It compiles under cygwin
very well (in contrast to MIT, which does not), but there are problems
linking the coda source with it. First of all, the configure script considers
the heimdal libraries as not working (although I have set the path to them), so
this requires editing the Makefile in the coda-src/auth2 directory. Second,
some of heimdal's internal structures are different from the MIT ones
(although the API itself looks almost the same), so I made a little patch to
fix these problems in the krb5.c file. As a result I've got a working clog
(this is the only kerberos-enabled executable which I need).
I've not used heimdal before but I like this thing. It is fully 
compatible with MIT (heimdal clients authenticate without problems on 
MIT kdc) and it is built with readline support (readline-less ftp from 
MIT drives me crazy).
I've not yet tried the modular clog as Ivan suggested, but I think it will
also require patching to make it work with heimdal.
Also I had a hard time making "net start venus" work. It is working now,
but I am not sure why it was failing before. Maybe it was connected
with an unconfigured cygwinserver?
Now the patches:
krb5.c:
---------------------Patch starts here ---------------------------
 242,247c242
< #ifdef __KRB5_H__   
<      HashSecret(session_key->keyvalue.data, 
session_key->keyvalue.length, *sec
ret);
< #endif
< #ifdef KRB5_GENERAL__
<      HashSecret(session_key->contents,session_key->length, *secret);
< #endif
---
 >     HashSecret(session_key->contents, session_key->length, *secret);
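Review bot: Choosing the Kerberos implementation by testing `__KRB5_H__` and `KRB5_GENERAL__` means a build where neither macro is defined compiles with no `HashSecret` call at all, and the session key is then never hashed into `*secret`; these look like the include guards of the Heimdal and MIT headers, which are not a stable interface to key on. Using `#if`/`#elif` on a macro set by configure and ending the chain with `#else` / `#error "unsupported krb5 implementation"` would stop the build instead of silently skipping the hash. The same pair of tests recurs in the 295,297c290,291 and 335,340d320 hunks. The `<` side appears to carry the Heimdal additions, so the diff seems to have been generated with the files in reverse order and would need `patch -R` to apply as the message intends. The enclosing function starts and ends outside the hunk.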
295,297c290,291
< #ifdef __KRB5_H__
<     if (strncmp(ticket->client->realm, kerberos5realm,
<               strlen(ticket->client->realm))) {
---
 >     if (strncmp(ticket->enc_part2->client->realm.data, kerberos5realm,
 >               ticket->enc_part2->client->realm.length)) {
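Review bot: Both sides of this hunk bound the realm comparison by the length of the realm taken from the ticket, so a client realm that is only a leading prefix of `kerberos5realm`, or is empty, compares equal and passes the realm check. The check should require equal length as well: in the `__KRB5_H__` branch, where the `strlen` call already treats the realm as a NUL-terminated string, `if (strcmp(ticket->client->realm, kerberos5realm)) {`, and in the length-counted form an added `realm.length != strlen(kerberos5realm) ||` in front of the `strncmp`. The `KRB5_GENERAL__` branch moved by the 302,309c296 hunk carries the same comparison. The enclosing function and the place where `kerberos5realm` is set are outside these hunks.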
302,309c296
<     krc=krb5_unparse_name(krb5context, ticket->client, &cp);
< #endif
< #ifdef KRB5_GENERAL__
<     if (strncmp(ticket->enc_part2->client->realm.data,kerberos5realm,
<               ticket->enc_part2->client->realm.length)) {
<       fprintf(stderr,"incorrect realm in ticket\n");
<       goto out;
<     }
---
 >
312d298
< #endif
335,340d320
< #ifdef __KRB5_H__
<     HashSecret(ticket->ticket.key.keyvalue.data,
<              ticket->ticket.key.keyvalue.length,
<              hKey);
< #endif
< #ifdef KRB5_GENERAL__
344c324
< #endif
---
 >
----------------------------Patch ends here------------------------------
coda-src/auth2/Makefile for cygwin:
----------------------------Makefile-------------------------------------
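# coda-src/auth2 Makefile, hand-edited so the auth2 programs link against
# Heimdal under Cygwin even though configure rejected the Heimdal libraries.
#
# TOPOBJ is the absolute path of the build tree this file was taken from;
# it is machine-specific and has to be changed for any other tree.
TOPDIR = ../..

srcdir = .

TOPOBJ = /home/Administrator/coda-6.0.6

include $(TOPDIR)/Makeconf

#CFLAGS += -DCODAAUTH
# Set by hand; presumably selects the Kerberos 5 code paths that configure
# would otherwise leave disabled (confirm against the sources).
CFLAGS +=  -DHAVE_KRB5

AUTHCOMMON := acommon.o
LIBKRBS=

# LIBKRB4 / LIBKRB5 are expected to come from Makeconf (configure output).
ifneq ($(LIBKRB4),)
AUTHCOMMON += krb4.o
LIBKRBS += $(LIBKRB4)
endif
# Library set for the Heimdal link, reused as the "crypto" libraries in LIBS.
LIBCRYPTO=-lkrb5 -lcom_err -lroken -lasn1 -ldes
ifneq ($(LIBKRB5),)
AUTHCOMMON += krb5.o
LIBKRBS += $(LIBKRB5)
endif

# Hard override: this discards whatever the two conditionals above collected
# and pins the link to fixed static archives. Statically linked Kerberos code
# is frozen into each binary, so a fixed libkrb5 only takes effect after the
# programs are relinked.
LIBKRBS=/usr/lib/libkrb5.a /usr/lib/libcom_err.a
# Added unconditionally because the link rules in this file name krbcommon.o
# even when configure left LIBKRB4 and LIBKRB5 empty. A second, conditional
# append would only put the same object in the list twice.
AUTHCOMMON += krbcommon.o

LIBAUTH2OBJS=auth2.server.o avice.o pwsupport.o $(AUTHCOMMON)
LIBAUSEROBJS=auth2.client.o auser.o avenus.o $(AUTHCOMMON)

CBINS       = clog cpasswd ctokens cunlog
CSBINS      = au
SBINS       =
SSBINS      = au auth2 initpw
EXECUTABLES = $(CBINS) $(CSBINS) $(SBINS) $(SSBINS) tokentool

#
# only build clog on win9x
#
ifeq ($(SHORTSYS),djgpp)
EXECUTABLES = clog
endif

RP2HEADERS  = auth2.h

DEPLIBS = $(LIBUTIL) $(LIBKERNDEP) $(LIBBASE)
LIBS := $(LIBRPC2) $(LIBLWP) $(LIBCRYPTO) $(LIBS)

LIBRARIES   = libauth2.a libauser.a
HEADERS     = avenus.h avice.h
# One logical line: the continuation must be marked with a backslash, or make
# stops with "missing separator" on the second line.
OBJS = auth2.client.o auth2.server.o auth2.multi.o au.o auser.o avenus.o \
       avice.o initpw.o krb5.o krbcommon.o
include $(TOPDIR)/configs/Makerules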

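# Link rules for the auth2 libraries and programs.
# Recipe lines must begin with a TAB; space-indented recipes make GNU make
# stop with "missing separator".

# The two archives have no recipe here; the archive command is expected to
# come from the included Makerules.
libauth2.a: $(LIBAUTH2OBJS)

libauser.a: $(LIBAUSEROBJS)

# Server side: every prerequisite reaches the link line through $^, followed
# by the pinned Kerberos archives and the common libraries.
auth2: auth2.o krb5.o krbcommon.o libauth2.a $(LIBAL) $(LIBRWCDB) $(DEPLIBS)
	${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@

au: au.o libauser.a krb5.o krbcommon.o $(DEPLIBS)
	${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@

# clog lists the Kerberos libraries as prerequisites, so they enter the link
# through $^ and are not repeated in the recipe. The -lNAME words in LIBCRYPTO
# depend on GNU make's library search for prerequisites. The prerequisite list
# is one logical line and needs the backslash continuation.
clog: clog.o krb5.o krbcommon.o libauser.a tokenfile.o ${LIBCRYPTO} \
      ${LIBKRBS} ${DEPLIBS}
	${CC} $(LDFLAGS) $^  ${LIBS} -o $@

# NOTE(review): cpasswd names krb5.o but not krbcommon.o, unlike auth2, au and
# clog; confirm libauser.a supplies whatever krb5.o needs from it.
cpasswd: cpasswd.o  krb5.o libauser.a ${DEPLIBS}
	${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@

initpw: initpw.o $(DEPLIBS)
	${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@

cunlog: cunlog.o libauser.a ${DEPLIBS}
	${CC} $(LDFLAGS) $^ ${LIBKRBS}  ${LIBS} -o $@

ctokens: ctokens.o libauser.a ${DEPLIBS}
	${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@

tokentool: tokentool.o tokenfile.o ${DEPLIBS}
	${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@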
------------------------------------Makefile------------------------------------------
Received on 2005-03-16 13:37:14