From: Francesco Chemolli Date: Fri, 13 Nov 2009 10:28:30 +0000 (+0100) Subject: Author: Markus Moeller huaraz@moeller.plus.com> X-Git-Tag: SQUID_3_2_0_1~580 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d62cc6198abe8088552413a862bafa02c30024c;p=thirdparty%2Fsquid.git Author: Markus Moeller huaraz@moeller.plus.com> Improve squid_kerb_auth portability --- diff --git a/configure.in b/configure.in index c5fbab44ed..cd910676ca 100644 --- a/configure.in +++ b/configure.in @@ -1876,7 +1876,9 @@ if test -n "$DIGEST_AUTH_HELPERS"; then fi AC_SUBST(DIGEST_AUTH_HELPERS) -dnl Check Kerberos +dnl +dnl Check Kerberos/GSSAPI/SPNEGO +dnl SAVED_CPPFLAGS=$CPPFLAGS SAVED_LIBS=$LIBS AC_ARG_WITH(krb5-config, 
@@ -1927,23 +1929,56 @@ if test "$ac_krb5_config" = "yes" ; then AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h gssapi/gssapi_krb5.h) if test "x$ac_heimdal" == "x" ; then AC_CHECK_HEADERS(gssapi/gssapi_generic.h) + AC_CHECK_HEADERS(profile.h) fi AC_CHECK_HEADERS(krb5.h com_err.h et/com_err.h) - AC_MSG_CHECKING([for max_skew in struct krb5_context]) -AC_TRY_COMPILE([ + AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include - ], - [ krb5_context kc; kc->max_skew = 1; ], - [ AC_DEFINE(HAVE_MAX_SKEW_IN_KRB5_CONTEXT, 1, [Define to 1 if max_skew in struct krb5_context]) - AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) ] - ) +int i; +]])], [ squid_cv_broken_krb5_h=no ], + [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if defined(__cplusplus) +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS +KRB5INT_BEGIN_DECLS +#endif +#include +int i; +]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ])])]) + if test x"$squid_cv_broken_krb5_h" = x"yes"; then + AC_DEFINE(HAVE_BROKEN_SOLARIS_KRB5_H, 1, [Define to 1 if krb5.h is broken for C++]) + fi - if test "x$ac_heimdal" == "x" ; then - AC_CHECK_HEADERS(profile.h) + ac_com_error_message=no + if test "x$ac_cv_header_com_err_h" == "xyes" ; then + AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes) + elif test "x$ac_cv_header_et_com_err_h" == "xyes" ; then + AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes) + fi + AC_CACHE_CHECK([for max_skew in struct krb5_context],squid_cv_max_skew_context, [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if HAVE_BROKEN_SOLARIS_KRB5_H +#if defined(__cplusplus) +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS +KRB5INT_BEGIN_DECLS +#endif +#endif +#include +krb5_context kc; kc->max_skew = 1; +]])],[ squid_cv_max_skew_context=yes ], [ squid_cv_max_skew_context=no ])]) + if test x"$squid_cv_max_skew_context" = x"yes"; then + AC_DEFINE(HAVE_MAX_SKEW_IN_KRB5_CONTEXT, 1, [Define 
to 1 if max_skew in struct krb5_context]) + fi + + if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" == "xyes" ; then + AC_CHECK_LIB(com_err,error_message, + AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),) + elif test "x$ac_com_error_message" == "xyes" ; then + AC_CHECK_LIB(krb5,error_message, + AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),) fi - AC_CHECK_LIB(com_err,error_message, - AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),) AC_CHECK_LIB(krb5,krb5_get_err_text, AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,[Define to 1 if you have krb5_get_err_text]),) AC_CHECK_LIB(krb5,krb5_get_error_message, @@ -1960,8 +1995,15 @@ AC_TRY_COMPILE([ AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1,[Define to 1 if you have profile_get_integer]),) AC_CHECK_LIB(krb5,profile_release, AC_DEFINE(HAVE_PROFILE_RELEASE,1,[Define to 1 if you have profile_release]),) - AC_MSG_CHECKING([for memory cache]) - AC_TRY_RUN([ + AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#if HAVE_BROKEN_SOLARIS_KRB5_H +#if defined(__cplusplus) +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS +KRB5INT_BEGIN_DECLS +#endif +#endif #include main() { @@ -1970,13 +2012,13 @@ main() krb5_init_context(&context); return krb5_cc_resolve(context, "MEMORY:test_cache", &cc); -}], - [AC_DEFINE(HAVE_KRB5_MEMORY_CACHE,1, [Define to 1 if you have MEMORY: cache support]) - AC_MSG_RESULT(yes)], - AC_MSG_RESULT(no)) - - AC_MSG_CHECKING([for working gssapi]) - AC_TRY_RUN([ +} +]])], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ])]) + if test "$squid_cv_memory_cache" = "yes" ; then + AC_DEFINE(HAVE_KRB5_MEMORY_CACHE,1, [Define to 1 if you have MEMORY: cache support]) + fi + AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ #ifdef HAVE_GSSAPI_GSSAPI_H #include #elif HAVE_GSSAPI_H 
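Review bot: In the new `max_skew` probe the test statement `krb5_context kc; kc->max_skew = 1;` sits inside the single `[[...]]` argument of AC_LANG_PROGRAM, which is the prologue, so it is emitted at file scope where an assignment statement cannot compile. As written the probe would answer "no" on every platform and HAVE_MAX_SKEW_IN_KRB5_CONTEXT would never be defined; the code that macro guards is not on this page. Closing the prologue after the include and passing the statement as the body restores what the removed AC_TRY_COMPILE did: `]], [[krb5_context kc; kc->max_skew = 1;]])],[ squid_cv_max_skew_context=yes ], [ squid_cv_max_skew_context=no ])])`. The added `test "x$ac_cv_header_com_err_h" == "xyes"` style comparisons in this hunk also rely on `==`, which POSIX `test` does not specify; `=` is the portable spelling.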
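Review bot: The rewritten memory-cache probe calls AC_RUN_IFELSE with only the true and false actions (the closing `[ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ]` is in the following hunk at -1970), so there is no action for cross-compiling and configure stops at this check when it cannot run the test binary. Since the result is now cached, a fourth argument such as `[ squid_cv_memory_cache=no ]` would give a deliberate default that a builder can still override through the cache variable. The gssapi, spnego and krb5 probes in the hunks at -2004, -2046 and -2067 have the same shape.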
@@ -2004,11 +2046,13 @@ main(void) return 0; } -], [AC_DEFINE(HAVE_GSSAPI, 1, [GSSAPI support]) - AC_MSG_RESULT(yes)], - AC_MSG_RESULT(no)) - AC_MSG_CHECKING([for spnego support]) - AC_TRY_RUN([ +]])], [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ])]) + if test "$squid_cv_working_gssapi" = "yes" ; then + AC_DEFINE(HAVE_GSSAPI, 1, [GSSAPI support]) + fi + + AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ #ifdef HAVE_HEIMDAL_KERBEROS #ifdef HAVE_GSSAPI_GSSAPI_H #include @@ -2046,15 +2090,22 @@ gss_OID gss_mech_spnego = &_gss_mech_spnego; } return 1; -}], - [ac_cv_have_spnego=yes +} +]])], [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ])]) + + if test "$squid_cv_have_spnego" = "yes" ; then AC_DEFINE(HAVE_SPNEGO,1, [Define to 1 if you have SPNEGO support]) - AC_MSG_RESULT(yes)], - [ac_cv_have_spnego=no - AC_MSG_RESULT(no)]) - AC_MSG_CHECKING([for working krb5]) - AC_TRY_RUN([ + fi + AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ #ifdef HAVE_KRB5_H +#if HAVE_BROKEN_SOLARIS_KRB5_H +#if defined(__cplusplus) +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS +KRB5INT_BEGIN_DECLS +#endif +#endif #include #endif @@ -2067,15 +2118,17 @@ main(void) return 0; } -], [AC_DEFINE(HAVE_KRB5, 1, [KRB5 support]) - AC_MSG_RESULT(yes)], - AC_MSG_RESULT(no)) +]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ])]) + if test "$squid_cv_working_krb5" = "yes" ; then + AC_DEFINE(HAVE_KRB5, 1, [KRB5 support]) + fi + LIBS=$SAVED_LIBS CPPFLAGS=$SAVED_CPPFLAGS AC_SUBST(KRB5INCS) AC_SUBST(KRB5LIBS) fi -AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" ) +AM_CONDITIONAL(HAVE_SPNEGO, test x"$squid_cv_have_spnego" = x"yes" ) dnl Enable "NTLM fail open" AC_ARG_ENABLE(ntlm-fail-open, diff --git a/helpers/negotiate_auth/kerberos/Makefile.am b/helpers/negotiate_auth/kerberos/Makefile.am index 5ad1cf2832..8c8f2011b5 100644 
--- a/helpers/negotiate_auth/kerberos/Makefile.am +++ b/helpers/negotiate_auth/kerberos/Makefile.am @@ -24,6 +24,6 @@ negotiate_kerberos_auth_test_SOURCES = $(SOURCE_test) negotiate_kerberos_auth_LDFLAGS = -negotiate_kerberos_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) $(KRB5LIBS) +negotiate_kerberos_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) @KRB5LIBS@ negotiate_kerberos_auth_test_LDFLAGS = -negotiate_kerberos_auth_test_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) $(KRB5LIBS) +negotiate_kerberos_auth_test_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) @KRB5LIBS@ diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc index 24b3c1867d..65d4b2a56b 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc @@ -63,13 +63,6 @@ #include "spnegohelp.h" #endif -#if HAVE_HEIMDAL_KERBEROS -#if HAVE_GSSAPI_GSSAPI_H -#include -#elif HAVE_GSSAPI_H -#include -#endif /* HAVE_GSSAPI_GSSAPI_H */ -#else /* HAVE_HEIMDAL_KERBEROS */ #if HAVE_GSSAPI_GSSAPI_H #include #elif HAVE_GSSAPI_H @@ -81,7 +74,6 @@ #if HAVE_GSSAPI_GSSAPI_GENERIC_H #include #endif /* HAVE_GSSAPI_GSSAPI_GENERIC_H */ -#endif /* HAVE_HEIMDAL_KERBEROS */ #ifndef gss_nt_service_name #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #endif @@ -92,7 +84,7 @@ #define MAX_AUTHTOKEN_LEN 65535 #endif #ifndef SQUID_KERB_AUTH_VERSION -#define SQUID_KERB_AUTH_VERSION "3.0.1sq" +#define SQUID_KERB_AUTH_VERSION "3.0.2sq" #endif int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, @@ -122,7 +114,10 @@ LogTime() char * gethost_name(void) { +/* char hostname[sysconf(_SC_HOST_NAME_MAX)]; +*/ + char hostname[1024]; struct addrinfo *hres = NULL, *hres_list; int rc, count; 
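Review bot: `char hostname[1024];` fixes the array size in gethost_name, but the call that fills the buffer is outside this hunk (the function body continues past it), so it cannot be seen whether its length argument was changed to match. If that call still takes its length from `sysconf(_SC_HOST_NAME_MAX)`, the length and the buffer no longer agree; passing `sizeof(hostname) - 1` and setting `hostname[sizeof(hostname) - 1] = '\0';` afterwards ties the two together and guarantees termination if the name is truncated. The old declaration is left behind inside a `/* ... */` block; replacing it with a comment such as `/* fixed-size buffer: a sysconf()-sized array is a VLA, which is not standard C++ */` would say why the constant is there.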
@@ -425,7 +420,7 @@ main(int argc, char *const argv[]) #if !HAVE_SPNEGO - if ((rc = parseNegTokenInit(input_token.value, + if ((rc = parseNegTokenInit((const unsigned char*)input_token.value, input_token.length, &kerberosToken, &kerberosTokenLength)) != 0) { if (debug) @@ -514,7 +509,7 @@ main(int argc, char *const argv[]) if (output_token.length) { #if !HAVE_SPNEGO if (spnego_flag) { - if ((rc = makeNegTokenTarg(output_token.value, + if ((rc = makeNegTokenTarg((const unsigned char*)output_token.value, output_token.length, &spnegoToken, &spnegoTokenLength)) != 0) { if (debug) @@ -526,11 +521,11 @@ main(int argc, char *const argv[]) goto cleanup; } } else { - spnegoToken = output_token.value; + spnegoToken = (const unsigned char*)output_token.value; spnegoTokenLength = output_token.length; } #else - spnegoToken = (unsigned char *)output_token.value; + spnegoToken = (const unsigned char*)output_token.value; spnegoTokenLength = output_token.length; #endif token = (char*)xmalloc(ska_base64_encode_len(spnegoTokenLength)); diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc index 3dea5a2986..62c3c51a3c 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc @@ -57,14 +57,6 @@ #include "base64.h" #include "util.h" -#if HAVE_HEIMDAL_KERBEROS -#if HAVE_GSSAPI_GSSAPI_H -#include -#elif HAVE_GSSAPI_H -#include -#endif /* HAVE_GSSAPI_GSSAPI_H */ -#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE -#else /* HAVE_HEIMDAL_KERBEROS */ #if HAVE_GSSAPI_GSSAPI_H #include #elif HAVE_GSSAPI_H @@ -76,7 +68,9 @@ #if HAVE_GSSAPI_GSSAPI_GENERIC_H #include #endif /* HAVE_GSSAPI_GSSAPI_GENERIC_H */ -#endif /* HAVE_HEIMDAL_KERBEROS */ +#ifndef gss_nt_service_name +#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE +#endif static const char *LogTime(void); 
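Review bot: After the hunks at -514 and -526 `spnegoToken` can hold two kinds of pointer: in the `spnego_flag` branch a buffer that makeNegTokenTarg allocates with malloc() (see the spnegohelp.cc hunk at -67), and in the `else` and `#else` branches an alias of `output_token.value`, which belongs to the GSS output buffer. The cleanup code is outside these hunks, so whether it frees only the first kind cannot be checked here. A comment on the alias assignments would record the rule, for example `/* aliases output_token.value: owned by the GSS buffer, must not be free()d directly */`.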
diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc b/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc index 1bec85db5d..07fa846a68 100644 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc +++ b/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc @@ -540,8 +540,8 @@ spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken, if (pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].iElementPresent == SPNEGO_TOKEN_ELEMENT_AVAILABLE) { // Must be 1 byte long and a valid value if (pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].nDatalength == SPNEGO_NEGTARG_MAXLEN_NEGRESULT - && IsValidNegResult(*pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData)) { - *pnegResult = static_cast(*pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData); + && IsValidNegResult(static_cast(*pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData))) { + *pnegResult = static_cast(*pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData); nReturn = SPNEGO_E_SUCCESS; } else { nReturn = SPNEGO_E_INVALID_ELEMENT; @@ -603,11 +603,11 @@ spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken, if ((nReturn = ASNDerCheckOID(pSpnegoToken-> aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT].pbData, - nCtr, + static_cast(nCtr), pSpnegoToken-> aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT]. nDatalength, &nLength)) == SPNEGO_E_SUCCESS) { - *pMechOID = nCtr; + *pMechOID = static_cast(nCtr); } } // For enum MechOIDs diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc b/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc index 8cf85f2557..49add97d3e 100644 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc +++ b/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc 
@@ -67,7 +67,7 @@ makeNegTokenTarg(const unsigned char *kerberosToken, goto cleanup; } - *negTokenTarg = malloc(*negTokenTargLength); + *negTokenTarg = static_cast(malloc(*negTokenTargLength)); if (!*negTokenTarg) { rc1 = abs(rc2) + 300; @@ -189,7 +189,7 @@ parseNegTokenInit(const unsigned char *negTokenInit, goto cleanup; } - *kerberosToken = malloc(*kerberosTokenLength); + *kerberosToken = static_cast(malloc(*kerberosTokenLength)); if (!*kerberosToken) { rc1 = abs(rc2) + 700; diff --git a/src/peer_proxy_negotiate_auth.cc b/src/peer_proxy_negotiate_auth.cc index c0bf3591a3..7db4515120 100644 --- a/src/peer_proxy_negotiate_auth.cc +++ b/src/peer_proxy_negotiate_auth.cc @@ -36,6 +36,13 @@ extern "C" { #include #endif /* HAVE_PROFILE_H */ #if HAVE_KRB5_H +#if HAVE_BROKEN_SOLARIS_KRB5_H +#if defined(__cplusplus) +#define KRB5INT_BEGIN_DECLS extern "C" { +#define KRB5INT_END_DECLS +KRB5INT_BEGIN_DECLS +#endif +#endif #include #elif HAVE_ET_COM_ERR_H #include
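Review bot: The block added in peer_proxy_negotiate_auth.cc defines `KRB5INT_END_DECLS` as empty and then expands `KRB5INT_BEGIN_DECLS`, which opens an `extern "C" {` with nothing visible in the hunk to close it, and the hunk header suggests the include already sits inside an `extern "C" {`. Presumably the header on the affected platform balances the brace itself, but nothing here says so. A comment above the block, for example `/* HAVE_BROKEN_SOLARIS_KRB5_H: krb5.h does not compile as C++ unless extern "C" is opened first (see the configure.in probe) */`, would keep a later cleanup from removing the apparently unbalanced macro. The same lines are repeated in four configure.in probes, so the explanation is worth writing once and referring to from the others.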