NetBSD Problem Report #56347

From kovert@omniscient.com  Wed Aug  4 17:22:40 2021
Return-Path: <kovert@omniscient.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 8379F1A921F
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  4 Aug 2021 17:22:40 +0000 (UTC)
Message-Id: <202108041722.174HMU56008865@guinness.omniscient.com>
Date: Wed, 4 Aug 2021 13:22:30 -0400 (EDT)
From: kovert@omniscient.com
Reply-To: kovert@omniscient.com
To: gnats-bugs@NetBSD.org
Subject: security/p5-GSSAPI does not identify Kerberos implementation on Darwin
X-Send-Pr-Version: 3.95

>Number:         56347
>Category:       pkg
>Synopsis:       security/p5-GSSAPI does not identify Kerberos implementation on Darwin
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    markd
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 04 17:25:00 +0000 2021
>Last-Modified:  Wed Aug 04 19:39:58 +0000 2021
>Originator:     Todd Kover
>Release:        Darwin 20.6.0
>Organization:
Omniscient Technologies
>Environment:
	Big Sur, pretty vanilla pkgsrc build of www/p5-LWP-Authen-Negotiate
Architecture: x86_64
Machine: amd64
>Description:
	p5-GSSAPI fails to identify that the underlying Kerberos implementation
	is heimdal because krb5-config does not include the string "heimdal"
	on Darwin, and ultimately causes pain upwards in things that use the
	module, typically with several layers of indirection.

	This is likely the root of an (unanswered) bug reported in 2013: https://sourceforge.net/p/perlgssapi/mailman/perlgssapi-developer/thread/CAMoQMJqFVYWR7pprT-dauNcXAoBpAykWYs%3DNW9kT0a%3DCQM03WA%40mail.gmail.com/#msg31410373

	There hasn't been a release since 2010, so I didn't bother reporting
	this upstream or digging deeper to see if there were other bugs.

>How-To-Repeat:
	Set up a web server that uses negotiate for authentication

	cat  >negotiate-dance.pl <<'EOF'
	#!/usr/bin/env perl

	# Fetch a URL that requires Negotiate authentication.
	use LWP::UserAgent;
	my $ua = LWP::UserAgent->new;
	my $res = $ua->get('https://example.com/negotiate');
	printf "%s\n", ($res->is_success) ? $res->content : $res->status_line;
	EOF
	chmod +x negotiate-dance.pl

	Run on Darwin.  Watch it crash on the $ua->get:

	[transient:549 ~] ./negotiate-dance.pl
	perl(51402,0x105ae7e00) malloc: *** error for object 0x7fff2d7c022c: pointer being freed was not allocated
	perl(51402,0x105ae7e00) malloc: *** set a breakpoint in malloc_error_break to debug
	Abort trap: 6

>Fix:
        This fix is a hack but it is good enough considering the upstream
        state.
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/p5-GSSAPI/Makefile,v
retrieving revision 1.22
diff -u -r1.22 Makefile
--- Makefile	24 May 2021 19:54:03 -0000	1.22
+++ Makefile	4 Aug 2021 17:00:37 -0000
@@ -15,6 +15,11 @@
 PERL5_PACKLIST=	auto/GSSAPI/.packlist
 MAKE_PARAMS+=	--gssapiimpl=${KRB5BASE}

+.include "../../mk/bsd.prefs.mk"
+.if ${OPSYS} == "Darwin"
+CFLAGS += -DHEIMDAL
+.endif
+
 .include "../../lang/perl5/module.mk"
 .include "../../mk/krb5.buildlink3.mk"
 .include "../../mk/pthread.buildlink3.mk"
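
Review bot: The new `.if ${OPSYS} == "Darwin"` block defines HEIMDAL for every Darwin build, regardless of which Kerberos implementation `${KRB5BASE}` (passed to `--gssapiimpl` just above) actually points at. If a Darwin build is ever configured against a non-Heimdal Kerberos, this would force the wrong code path, so consider also conditioning on the Kerberos implementation the build selected rather than on the operating system alone. A short comment above the block explaining that krb5-config on Darwin does not print "heimdal", and pointing at this PR, would make the reason for the override visible to the next maintainer. Style: the surrounding assignments are written as `MAKE_PARAMS+=` with no space before the operator, so `CFLAGS += -DHEIMDAL` should follow the same form.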

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->markd
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Wed, 04 Aug 2021 19:39:58 +0000
Responsible-Changed-Why:
Over to maintainer.
.


>Unformatted:
