NetBSD Problem Report #56347
From kovert@omniscient.com Wed Aug 4 17:22:40 2021
Return-Path: <kovert@omniscient.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 8379F1A921F
for <gnats-bugs@gnats.NetBSD.org>; Wed, 4 Aug 2021 17:22:40 +0000 (UTC)
Message-Id: <202108041722.174HMU56008865@guinness.omniscient.com>
Date: Wed, 4 Aug 2021 13:22:30 -0400 (EDT)
From: kovert@omniscient.com
Reply-To: kovert@omniscient.com
To: gnats-bugs@NetBSD.org
Subject: security/p5-GSSAPI does not identify Kerberos implementation on Darwin
X-Send-Pr-Version: 3.95
>Number: 56347
>Category: pkg
>Synopsis: security/p5-GSSAPI does not identify Kerberos implementation on Darwin
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: markd
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 04 17:25:00 +0000 2021
>Last-Modified: Wed Aug 04 19:39:58 +0000 2021
>Originator: Todd Kover
>Release: Darwin 20.6.0
>Organization:
Omniscient Technologies
>Environment:
Big Sur, pretty vanilla pkgsrc build of www/p5-LWP-Authen-Negotiate
Architecture: x86_64
Machine: amd64
>Description:
p5-GSSAPI fails to identify that the underlying Kerberos implementation
is heimdal because krb5-config does not include the string "heimdal"
on Darwin, and ultimately causes pain upwards in things that use the
module, typically with several layers of indirection.
This is likely the root of an (unanswered) bug reported in 2013: https://sourceforge.net/p/perlgssapi/mailman/perlgssapi-developer/thread/CAMoQMJqFVYWR7pprT-dauNcXAoBpAykWYs%3DNW9kT0a%3DCQM03WA%40mail.gmail.com/#msg31410373
There hasn't been a release since 2010, so I didn't bother reporting
this upstream or digging deeper to see if there were other bugs.
>How-To-Repeat:
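Set up a web server that uses negotiate for authentication
# Quote the heredoc delimiter so the shell does not expand $ua and $res.
cat >negotiate-dance.pl <<'EOF'
#!/usr/bin/env perl
# Request a Negotiate-protected URL; the crash occurs inside the get() call.
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;
my $res = $ua->get('https://example.com/negotiate');
# Print the body on success, otherwise the HTTP status line.
printf "%s\n", ($res->is_success) ? $res->content : $res->status_line;
EOF
chmod +x negotiate-dance.pl
Run on Darwin. Watch it crash on the $ua->get: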
[transient:549 ~] ./negotiate-dance.pl
perl(51402,0x105ae7e00) malloc: *** error for object 0x7fff2d7c022c: pointer being freed was not allocated
perl(51402,0x105ae7e00) malloc: *** set a breakpoint in malloc_error_break to debug
Abort trap: 6
>Fix:
This fix is a hack but it is good enough considering the upstream
state.
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/p5-GSSAPI/Makefile,v
retrieving revision 1.22
diff -u -r1.22 Makefile
--- Makefile 24 May 2021 19:54:03 -0000 1.22
+++ Makefile 4 Aug 2021 17:00:37 -0000
@@ -15,6 +15,11 @@
PERL5_PACKLIST= auto/GSSAPI/.packlist
MAKE_PARAMS+= --gssapiimpl=${KRB5BASE}
+.include "../../mk/bsd.prefs.mk"
+.if ${OPSYS} == "Darwin"
+CFLAGS += -DHEIMDAL
+.endif
+
.include "../../lang/perl5/module.mk"
.include "../../mk/krb5.buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
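Review bot: the added condition '.if ${OPSYS} == "Darwin"' keys on the operating system, not on the Kerberos implementation the build actually links against, so -DHEIMDAL is forced for every Darwin build, including one where ${KRB5BASE} (passed to --gssapiimpl just above) points at a non-Heimdal Kerberos. If the krb5 framework pulled in by krb5.buildlink3.mk exposes which implementation was selected, test that instead, or in addition to OPSYS, and place the block after that include so the value is defined. Please also add a one-line comment stating why the define is needed (krb5-config output on Darwin lacks the string "heimdal"), and write the assignment as 'CFLAGS+=' to match the 'MAKE_PARAMS+=' style used in the surrounding lines.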
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->markd
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Wed, 04 Aug 2021 19:39:58 +0000
Responsible-Changed-Why:
Over to maintainer.
.
>Unformatted: