Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support GSSAPI auth with custom service principal name #355

Merged
merged 4 commits into from Jul 24, 2019

Conversation

@rmatev
Copy link
Contributor

commented Jul 14, 2019

Add an optional element to the hosts spec, AUTH_NAME, which is the "canonical" name to use for the service principal name instead of HOSTNAME (or its corresponding fqdn).

This option is necessary in case of accessing an authenticated server via ssh port forwarding, in which case the HOSTNAME is 127.0.0.1 and the canonical name cannot be deduced automatically.

Also, fix a couple of issues revealed with GCC 8.3.1 and add some artefacts to .gitignore.

Testing of any authentication features is not done as far as I see, and requires a bit of setting up. I can take care of this if needed. In any case, I have been using this new feature for a few weeks already without issues.

rmatev added some commits May 5, 2019

Support auth with custom service principal name
Add an optional element to the hosts spec, AUTH_NAME, which is
the "canonical" name to use for the service principal name instead
of HOSTNAME (or its corresponding fqdn). This option is useful in case of
accessing an authenticated server via ssh port forwarding, in which case
the HOSTNAME is 127.0.0.1.
Fix popt compilation with gcc 8 (-Wformat-overflow)
```
popt/popthelp.c: In function ‘singleOptionHelp.isra.7’:
popt/popthelp.c:343:29: error: ‘%d’ directive writing between 1 and 11
bytes into a region of size between 0 and 10 [-Werror=format-overflow=]
  sprintf(format, "%%.%ds\n%%%ds", (int) (ch - help), indentLength);
                             ^~
popt/popthelp.c:343:18: note: directive argument in the range
[-2147483643, 2147483647]
  sprintf(format, "%%.%ds\n%%%ds", (int) (ch - help), indentLength);
                  ^~~~~~~~~~~~~~~
popt/popthelp.c:343:2: note: ‘sprintf’ output between 9 and 29 bytes
into a destination of size 16
  sprintf(format, "%%.%ds\n%%%ds", (int) (ch - help), indentLength);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Fix compilation with gcc 8 (-Wstringop-truncation)
```
src/rpc.c: In function ‘dcc_r_sometoken_int’:
src/rpc.c:221:5: error: ‘strncpy’ output may be truncated copying 4
bytes from a string of length 12 [-Werror=stringop-truncation]
     strncpy(token, buf, 4);
     ^~~~~~~~~~~~~~~~~~~~~~
```
Add build/test/run artefacts to gitignore
Add update-distcc-symlinks, h_* test harnesses and __pycache__ dirs
to .gitignore
@shawnl

shawnl approved these changes Jul 14, 2019

Copy link
Collaborator

left a comment

LGTM. @afbjorklund ?

@shawnl

This comment has been minimized.

Copy link
Collaborator

commented Jul 14, 2019

Actually, can we get a test for this?

@rmatev

This comment has been minimized.

Copy link
Contributor Author

commented Jul 14, 2019

Actually, can we get a test for this?

I can propose some changes that exercise the DISTCC_HOSTS parsing (only when compiled using --with-auth). It won't be extremely pretty but should be okay.

Proper testing of the GSSAPI authentication would need a local test KDC server, and setting that and everything else up will take a considerable amount of time.

What do you think?

@shawnl

This comment has been minimized.

Copy link
Collaborator

commented Jul 14, 2019

@shawnl shawnl merged commit 6fb446f into distcc:master Jul 24, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.