From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com> Date: Wed, 20 Mar 2024 15:24:05 +0000 (+0000) Subject: Maintenance: rework SASL detection (#1694) X-Git-Tag: SQUID_7_0_1~166 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=388d024ea9d0cda146400219c3d7720aea839fc6;p=thirdparty%2Fsquid.git Maintenance: rework SASL detection (#1694) MacOS Homebrew offers Cyrus SASL. --- diff --git a/acinclude/squid-util.m4 b/acinclude/squid-util.m4 index 45584f3bd5..c71f975aac 100644 --- a/acinclude/squid-util.m4 +++ b/acinclude/squid-util.m4 @@ -332,30 +332,3 @@ AS_IF([test "$ac_res" != no],[ $3],[$4]) AS_VAR_POPDEF([ac_Search])dnl ]) - -dnl Check for Cyrus SASL -AC_DEFUN([SQUID_CHECK_SASL],[ - squid_cv_check_sasl="auto" - AC_CHECK_HEADERS([sasl/sasl.h sasl.h]) - AC_CHECK_LIB(sasl2,sasl_errstring,[LIBSASL="-lsasl2"],[ - AC_CHECK_LIB(sasl,sasl_errstring,[LIBSASL="-lsasl"], [ - squid_cv_check_sasl="no" - ]) - ]) - AS_IF([test "$squid_host_os" = "darwin"],[ - AS_IF([test "$ac_cv_lib_sasl2_sasl_errstring" = "yes"],[ - AC_DEFINE(HAVE_SASL_DARWIN,1,[Define to 1 if Mac Darwin without sasl.h]) - echo "checking for MAC Darwin without sasl.h ... yes" - squid_cv_check_sasl="yes" - ],[ - echo "checking for MAC Darwin without sasl.h ... no" - squid_cv_check_sasl="no" - ]) - ]) - AS_IF([test "x$squid_cv_check_sasl" = "xno"],[ - AC_MSG_WARN([Neither SASL nor SASL2 found]) - ],[ - squid_cv_check_sasl="yes" - ]) - AC_SUBST(LIBSASL) -]) diff --git a/configure.ac b/configure.ac index 4f0d7651cd..6054c881a9 100644 --- a/configure.ac +++ b/configure.ac @@ -1207,6 +1207,16 @@ SQUID_CHECK_LIB_WORKS(ldap,[ SQUID_STATE_ROLLBACK(squid_ldap_state) ]) +SQUID_AUTO_LIB(sasl,[Cyrus SASL],[LIBSASL]) +SQUID_CHECK_LIB_WORKS([sasl],[ + SQUID_STATE_SAVE(sasl_state) + PKG_CHECK_MODULES([LIBSASL],[libsasl2],[:],[:]) + CPPFLAGS="$LIBSASL_CFLAGS $CPPFLAGS" + LIBS="$LIBSASL_LIBS $LIBS" + AC_CHECK_HEADERS([sasl/sasl.h sasl.h]) + SQUID_STATE_ROLLBACK(sasl_state) +]) + SQUID_AUTO_LIB(systemd,[systemd API for start-up notification],[LIBSYSTEMD]) SQUID_CHECK_LIB_WORKS(systemd,[ SQUID_STATE_SAVE(squid_systemd_state) diff --git a/doc/release-notes/release-7.sgml.in b/doc/release-notes/release-7.sgml.in index c08c73e9de..971e5a36de 100644 --- a/doc/release-notes/release-7.sgml.in +++ b/doc/release-notes/release-7.sgml.in @@ -194,6 +194,9 @@ This section gives an account of those changes in three categories: --without-psapi

Disable auto-detection of Windows PSAPI library. + --without-sasl +

Disable auto-detection of Cyrus SASL (or compatible) library. + CPPFLAGS=-DINCOMING_FACTOR=

Control the listening sockets responsiveness with poll(2) and select(2). The higher the INCOMING_FACTOR, the slower the algorithm will diff --git a/src/acl/external/kerberos_ldap_group/Makefile.am b/src/acl/external/kerberos_ldap_group/Makefile.am index c76c94820a..03b4d032be 100644 --- a/src/acl/external/kerberos_ldap_group/Makefile.am +++ b/src/acl/external/kerberos_ldap_group/Makefile.am @@ -40,5 +40,5 @@ ext_kerberos_ldap_group_acl_LDADD = \ $(LIBHEIMDAL_KRB5_LIBS) \ $(LIBLDAP_LIBS) \ $(LIBMIT_KRB5_LIBS) \ - $(LIBSASL) \ + $(LIBSASL_LIBS) \ $(XTRA_LIBS) diff --git a/src/acl/external/kerberos_ldap_group/required.m4 b/src/acl/external/kerberos_ldap_group/required.m4 index 0298bf2e34..16978cc35f 100644 --- a/src/acl/external/kerberos_ldap_group/required.m4 +++ b/src/acl/external/kerberos_ldap_group/required.m4 @@ -6,6 +6,7 @@ ## AS_IF([test "x$LIBMIT_KRB5_LIBS" != "x" -o "x$LIBHEIMDAL_KRB5_LIBS" != "x" -o "x$LIBGSS_LIBS" != "x"],[ - SQUID_CHECK_SASL - AS_IF([test "x$LIBLDAP_LIBS" != "x"],[BUILD_HELPER="kerberos_ldap_group"]) + AS_IF([test "x$LIBLDAP_LIBS" != "x" -a "x$LIBSASL_LIBS" != "x"],[ + BUILD_HELPER="kerberos_ldap_group" + ]) ]) diff --git a/src/acl/external/kerberos_ldap_group/support.h b/src/acl/external/kerberos_ldap_group/support.h index 3073b8cd8a..124c556551 100644 --- a/src/acl/external/kerberos_ldap_group/support.h +++ b/src/acl/external/kerberos_ldap_group/support.h @@ -149,7 +149,7 @@ size_t get_ldap_hostname_list(struct main_args *margs, struct hstruct **hlist, s size_t get_hostname_list(struct hstruct **hlist, size_t nhosts, char *name); size_t free_hostname_list(struct hstruct **hlist, size_t nhosts); -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H int tool_sasl_bind(LDAP * ld, char *binddn, char *ssl); #endif diff --git a/src/acl/external/kerberos_ldap_group/support_ldap.cc b/src/acl/external/kerberos_ldap_group/support_ldap.cc index 9a1f8ed752..3a7902924d 100644 --- a/src/acl/external/kerberos_ldap_group/support_ldap.cc +++ b/src/acl/external/kerberos_ldap_group/support_ldap.cc @@ -85,7 +85,7 @@ int search_group_tree(struct main_args *margs, LDAP * ld, char *bindp, #if HAVE_SUN_LDAP_SDK || HAVE_MOZILLA_LDAP_SDK #if HAVE_LDAP_REBINDPROC_CALLBACK -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H static LDAP_REBINDPROC_CALLBACK ldap_sasl_rebind; static int LDAP_CALL LDAP_CALLBACK @@ -121,7 +121,7 @@ ldap_simple_rebind(LDAP * ld, nullptr); } #elif HAVE_LDAP_REBIND_PROC -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H static LDAP_REBIND_PROC ldap_sasl_rebind; static int @@ -131,7 +131,7 @@ ldap_sasl_rebind(LDAP * ld, struct ldap_creds *cp = (struct ldap_creds *) params; return tool_sasl_bind(ld, cp->dn, cp->pw); } -#endif /* HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN */ +#endif /* HAVE_SASL_H || HAVE_SASL_SASL_H */ static LDAP_REBIND_PROC ldap_simple_rebind; @@ -153,7 +153,7 @@ ldap_simple_rebind(LDAP * ld, #ifndef LDAP_REFERRALS #define LDAP_REFERRALS #endif /* LDAP_REFERRALS */ -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H static LDAP_REBIND_FUNCTION ldap_sasl_rebind; static int @@ -192,7 +192,7 @@ ldap_simple_rebind(LDAP * ld, #error "No rebind functione defined" #endif #else /* HAVE_SUN_LDAP_SDK */ -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H static LDAP_REBIND_PROC ldap_sasl_rebind; static int @@ -1070,7 +1070,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group) * ldap bind with SASL/GSSAPI authentication (only possible if a domain was part of the username) */ -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H debug((char *) "%s| %s: DEBUG: Bind to ldap server with SASL/GSSAPI\n", LogTime(), PROGRAM); diff --git a/src/acl/external/kerberos_ldap_group/support_sasl.cc b/src/acl/external/kerberos_ldap_group/support_sasl.cc index 6633c7c534..1b62c62e5f 100644 --- a/src/acl/external/kerberos_ldap_group/support_sasl.cc +++ b/src/acl/external/kerberos_ldap_group/support_sasl.cc @@ -41,26 +41,9 @@ #include #elif HAVE_SASL_SASL_H #include -#elif HAVE_SASL_DARWIN -typedef struct sasl_interact { - unsigned long id; /* same as client/user callback ID */ - const char *challenge; /* presented to user (e.g. OTP challenge) */ - const char *prompt; /* presented to user (e.g. "Username: ") */ - const char *defresult; /* default result string */ - const void *result; /* set to point to result */ - unsigned len; /* set to length of result */ -} sasl_interact_t; - -#define SASL_CB_USER 0x4001 /* client user identity to login as */ -#define SASL_CB_AUTHNAME 0x4002 /* client authentication name */ -#define SASL_CB_PASS 0x4004 /* client passphrase-based secret */ -#define SASL_CB_ECHOPROMPT 0x4005 /* challenge and client enterred result */ -#define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client enterred result */ -#define SASL_CB_GETREALM 0x4008 /* realm to attempt authentication in */ -#define SASL_CB_LIST_END 0 /* end of list */ #endif -#if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN +#if HAVE_SASL_H || HAVE_SASL_SASL_H void *lutil_sasl_defaults( LDAP * ld, char *mech, diff --git a/src/auth/basic/SASL/Makefile.am b/src/auth/basic/SASL/Makefile.am index b487f33a13..eeab73a03c 100644 --- a/src/auth/basic/SASL/Makefile.am +++ b/src/auth/basic/SASL/Makefile.am @@ -15,7 +15,7 @@ basic_sasl_auth_SOURCES = \ basic_sasl_auth_LDADD= \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ - $(LIBSASL) \ + $(LIBSASL_LIBS) \ $(XTRA_LIBS) EXTRA_DIST= \ diff --git a/src/auth/basic/SASL/required.m4 b/src/auth/basic/SASL/required.m4 index d50d7a1556..dd26615aab 100755 --- a/src/auth/basic/SASL/required.m4 +++ b/src/auth/basic/SASL/required.m4 @@ -5,5 +5,4 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -SQUID_CHECK_SASL -AS_IF([test "x$squid_cv_check_sasl" = "xyes"],[BUILD_HELPER="SASL"]) +AS_IF([test "x$LIBSASL_LIBS" != "x"],[BUILD_HELPER="SASL"])