Bug 196671
| Summary: | net/wireshark: fail to build when security/krb5 is installed | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Ting-Wei Lan <lantw44> | ||||||
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Some People | CC: | cy, jcfyecrayz, marcus | ||||||
| Priority: | --- | ||||||||
| Version: | Latest | ||||||||
| Hardware: | amd64 | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
Maintainers CC'd Created attachment 156777 [details]
be more explicit to deconfuse wireshark port regarding kerberos detection/compiling/linking
Attached is a patch to fix this issue. It is more explicit about specifying the path to the kerberos lib and include files to use.
It addresses the following build issues:
(a) When security/krb5 is installed, configure detects the kerberos bits in base properly, but CPPFLAGS causes /usr/local/include/krb5.h to get included and that causes the compiler error described in this bug.
(b) If you then explicitly modify #include <krb5.h> to #include </usr/include/krb5.h>, you get past the compiler error, but get undefined refs at link time because you link with /usr/local/lib/libkrb.so. [1] [2]
(c) Just adding KRB5_CONFIG=/usr/bin/krb5-config is NOT enough because of (a) and (b). You could (I think) point KRB5_CONFIG=${LOCALBASE}/bin/krb5-config and force the port to depend on either the security/heimdal or security/krb5 port (if GSSAPI is on). But why force that extra dependency when the one in base should do the job just fine. see [3]. And if they have turned off kerberos in base (world built WITHOUT_KERBEROS), then it's their own fault for turning on GSSAPI. But we could support world WITHOUT_KERBEROS and a dependency on a kerberos port installed (LIB_DEPENDS) if GSSAPI is on. That'd be a different patch.
[1] such as: epan/.libs/libwireshark.so: undefined reference to `krb5_crypto_destroy'
[2] Putting -I /usr/include before -I /usr/local/include is not good enough because gcc ignores the former since it's in the system header path - see gcc info page; clang probably does that, too, but unverified by me. So I just patch the #include line to explicitly point to the proper absolute path.
Some words about the patch:
Override KRB5_PREFIX to point to a kerberos lib that's not the base one (a heimdal version).
One could add an option to define KRB5_PREFIX based on a new option (KRB_BASE yes/no - if no, point KRB5_PREFIX at ${LOCALBASE} by default).
But this is just to assist in evaluating packets on the wire that are from kerberos traffic. [3] The kerberos lib in base should work just fine for that (but I have not really tested if there is a difference in wireshark's output based on the different kerberos libs available in FreeBSD: base, ports MIT krb5, ports heimdal krb5).
I did test that the port stages just fine with both base kerberos and ports MIT krb5 installed and a build with KRB5_PREFIX=/usr and KRB5_PREFIX=/usr/local. And the configure stage properly detected the various kerberos things correctly.
Oh, and I also build tested WITHOUT=GSSAPI and that built successfully and without the kerberos bits enabled as expected.
Created attachment 156779 [details] alternate patch that just forces a kerb lib from ports if GSSAPI Here's an alternate patch that is simpler, but forces a dependency on a kerberos lib from ports (if GSSAPI is on). This is probably fine, but it precludes using the kerberos installation from base at all. To build with base kerberos, you would need the extra patch to force the absolute path in the include for krb5.h and put -L/usr/lib in front of any -L/usr/local/lib (via LDFLAGS) from the previous patch (attachment 156777 [details]). A commit references this bug: Author: marcus Date: Fri May 15 23:47:44 UTC 2015 New revision: 386492 URL: https://svnweb.freebsd.org/changeset/ports/386492 Log: Update to 1.12.5 and fix the build with GSSAPI by requiring KRB from ports. PR: 196671 Changes: head/net/wireshark/Makefile head/net/wireshark/distinfo head/net/wireshark/files/patch-configure head/net/wireshark/pkg-plist Committed, thanks! |
When security/krb5 is installed on the system, it fails with the following message: ../../asn1/kerberos/packet-kerberos-template.c:482:29: error: no member named 'name' in 'struct krb5_principal_data' for(i=0;i<key.principal->name.name_string.len;i++){ ~~~~~~~~~~~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:484:101: error: no member named 'name' in 'struct krb5_principal_data' g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_... ~~~~~~~~~~~~~ ^ /usr/local/include/glib-2.0/glib/gmacros.h:240:29: note: expanded from macro 'MIN' #define MIN(a, b) (((a) < (b)) ? (a) : (b)) ^ ../../asn1/kerberos/packet-kerberos-template.c:484:101: error: no member named 'name' in 'struct krb5_principal_data' g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_... ~~~~~~~~~~~~~ ^ /usr/local/include/glib-2.0/glib/gmacros.h:240:42: note: expanded from macro 'MIN' #define MIN(a, b) (((a) < (b)) ? (a) : (b)) ^ ../../asn1/kerberos/packet-kerberos-template.c:487:73: warning: format specifies type 'char *' but the argument has type 'krb5_data' (aka 'struct _krb5_data') [-Wformat] g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm)); ~~ ^~~~~~~~~~~~~~~~~~~~ /usr/local/include/glib-2.0/glib/gmacros.h:240:29: note: expanded from macro 'MIN' #define MIN(a, b) (((a) < (b)) ? (a) : (b)) ^ ../../asn1/kerberos/packet-kerberos-template.c:487:73: warning: format specifies type 'char *' but the argument has type 'krb5_data' (aka 'struct _krb5_data') [-Wformat] g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm)); ~~ ^~~~~~~~~~~~~~~~~~~~ /usr/local/include/glib-2.0/glib/gmacros.h:240:42: note: expanded from macro 'MIN' #define MIN(a, b) (((a) < (b)) ? (a) : (b)) ^ ../../asn1/kerberos/packet-kerberos-template.c:489:25: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' new_key->keytype=key.keyblock.keytype; ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:490:27: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' new_key->keylength=key.keyblock.keyvalue.length; ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:491:35: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length); ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:531:3: error: use of undeclared identifier 'krb5_crypto' krb5_crypto crypto; ^ ../../asn1/kerberos/packet-kerberos-template.c:539:7: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' key.keyblock.keytype=ek->keytype; ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:540:7: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' key.keyblock.keyvalue.length=ek->keylength; ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:541:7: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' key.keyblock.keyvalue.data=ek->keyvalue; ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:542:9: warning: implicit declaration of function 'krb5_crypto_init' is invalid in C99 [-Wimplicit-function-declaration] ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), 0, &crypto); ^ ../../asn1/kerberos/packet-kerberos-template.c:542:42: error: no member named 'keyblock' in 'struct krb5_keytab_entry_st' ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), 0, &crypto); ~~~ ^ ../../asn1/kerberos/packet-kerberos-template.c:554:9: warning: implicit declaration of function 'krb5_decrypt_ivec' is invalid in C99 [-Wimplicit-function-declaration] ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage, ^ ../../asn1/kerberos/packet-kerberos-template.c:554:37: error: use of undeclared identifier 'crypto' ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage, ^ ../../asn1/kerberos/packet-kerberos-template.c:564:4: warning: implicit declaration of function 'krb5_crypto_destroy' is invalid in C99 [-Wimplicit-function-declaration] krb5_crypto_destroy(krb5_ctx, crypto); ^ ../../asn1/kerberos/packet-kerberos-template.c:564:34: error: use of undeclared identifier 'crypto' krb5_crypto_destroy(krb5_ctx, crypto); ^ ../../asn1/kerberos/packet-kerberos-template.c:572:33: error: use of undeclared identifier 'crypto' krb5_crypto_destroy(krb5_ctx, crypto); ^ ../../asn1/kerberos/packet-kerberos-template.c:506:10: warning: unused parameter 'usage' [-Wunused-parameter] int usage, ^ 6 warnings and 14 errors generated. Makefile:12591: recipe for target 'libdissectors_la-packet-kerberos.lo' failed gmake[7]: *** [libdissectors_la-packet-kerberos.lo] Error 1 gmake[7]: *** Waiting for unfinished jobs.... gmake[7]: Leaving directory '/usr/ports/net/wireshark/work/wireshark-1.12.3/epan/dissectors' Makefile:13170: recipe for target 'all-recursive' failed gmake[6]: *** [all-recursive] Error 1 gmake[6]: Leaving directory '/usr/ports/net/wireshark/work/wireshark-1.12.3/epan/dissectors' Makefile:3443: recipe for target 'all' failed gmake[5]: *** [all] Error 2 gmake[5]: Leaving directory '/usr/ports/net/wireshark/work/wireshark-1.12.3/epan/dissectors' Makefile:1906: recipe for target 'all-recursive' failed gmake[4]: *** [all-recursive] Error 1 gmake[4]: Leaving directory '/usr/ports/net/wireshark/work/wireshark-1.12.3/epan' Makefile:3970: recipe for target 'all-recursive' failed gmake[3]: *** [all-recursive] Error 1 gmake[3]: Leaving directory '/usr/ports/net/wireshark/work/wireshark-1.12.3' Makefile:2106: recipe for target 'all' failed gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory '/usr/ports/net/wireshark/work/wireshark-1.12.3' ===> Compilation failed unexpectedly.