bug-inetutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-inetutils] rcp: No libshishi support.

From: Simon Josefsson
Subject: Re: [bug-inetutils] rcp: No libshishi support.
Date: Mon, 13 Feb 2012 11:59:01 +0100
User-agent: Gnus/5.130001 (Ma Gnus v0.1) Emacs/24.0.93 (gnu/linux) 
Mats Erik Andersson <address@hidden> writes:

> fredag den 10 februari 2012 klockan 16:17 skrev Simon Josefsson detta:
>> Mats Erik Andersson <address@hidden> writes:
>> 
>> > Dear all,
>> >
>> > anyone for a well defined, finite task?
>> >
>> >   * Implement libshishi support in "src/rcp.c".
>> >
>> > or a step or two more complicated,
>> >
>> >   * Implement Kerberos5 support in "src/rcp.c".
>> >
>> > Presently on Kerberos4 is provided.
>> 
>> There is a re-implementation of rcp with Shishi support here:
>> 
>> http://git.savannah.gnu.org/cgit/shishi.git/tree/extra/rsh-redone
>> 
>> Come to think of it, maybe it makes sense to move some of that into
>> InetUtils, the rcp code in InetUtils is quite crufty...
>
> Until then you MUST disable the build of rcp when using "--with-shi-shi",
> since you are fooling user to believe there is a functional support for
> libshishi in that utility, which is a plain lie.

As a starting pointer, let's just document the fact in README, I've
pushed a small patch.  There are several other tools in InetUtils which
does not use Kerberos even when InetUtils is built with Kerberos
support.  Sometimes it is intentional and sometimes it is because nobody
has done the necessary work.

>> However, there is always the backwards compatibility issue to consider,
>> and without good regression testing it is difficult to know whether our
>> "rcp" works or not.  Since rcp is so rarely used today, I'm not sure
>> we'd get many bug reports about it...
>
> Speaking of which
>
>    /* src/rshd.c, lines 796 -- 810
>       `git blame` mentions Alfred
>     */
>
>    #elif defined(SHISHI)
>      if (use_kerberos)
>        {
>          /*
>             Verbatim code from Kerberos clause,
>             ten lines in extent, suggesting that
>             user authentication be implemented here.
>           */
>        }
>      else
>    #endif
>
> Is this functional at all, or is it yet another lie? Code that
> has not been tested, based on hope alone? For sure it compiles,
> but the code does nothing. Should no action be needed, then this
> is the worst possible mode of stating that fact.

There is a call to 'shishi_authorized_p' above, with similar error
messages, so I suspect the code is just a leftover.

It would be great to get a test environment for Kerberos support in
InetUtils up and running.  I used to have a test-KDC at
interop.josefsson.org for this purpose, but it has stopped working.  The
best would be to document the process of setting it up so that everyone
can reproduce it locally for their testing/development needs...

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]