Add Kerberos support for MAC OS X 10.x

diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4
index 8f15b9a2152d9d2cae600d5aaba41e5d2c13c419..e7611109a28d272ad6e26b7d32627d907dc4029e 100644 (file)
--- a/acinclude/krb5.m4
+++ b/acinclude/krb5.m4
@@ -79,6 +79,9 @@ AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[
 KRB5INT_BEGIN_DECLS
 #endif
 #endif
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#endif
 #include <krb5.h>
 krb5_context kc; kc->max_skew = 1;
       ]])
@@ -100,6 +103,9 @@ AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[
 KRB5INT_BEGIN_DECLS
 #endif
 #endif
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#endif
 #include <krb5.h>
 int main(int argc, char *argv[])
 {
@@ -127,6 +133,9 @@ AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB],[
 KRB5INT_BEGIN_DECLS
 #endif
 #endif
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#endif
 #include <krb5.h>
 int main(int argc, char *argv[])
 {
@@ -157,6 +166,9 @@ AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [
 #include <gss.h>
 #endif
 #else
+#if USE_APPLE_KRB5
+#define GSSKRB_APPLE_DEPRECATED(x)
+#endif
 #if HAVE_GSSAPI_GSSAPI_H
 #include <gssapi/gssapi.h>
 #elif HAVE_GSSAPI_H
@@ -200,6 +212,9 @@ AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [
 #include <gss.h>
 #endif
 #else
+#if USE_APPLE_KRB5
+#define GSSKRB_APPLE_DEPRECATED(x)
+#endif
 #if HAVE_GSSAPI_GSSAPI_H
 #include <gssapi/gssapi.h>
 #elif HAVE_GSSAPI_H
@@ -239,6 +254,9 @@ dnl checks that krb5 is functional. Sets squid_cv_working_krb5
 AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[
   AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [
     AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#endif
 #if HAVE_KRB5_H
 #if HAVE_BROKEN_SOLARIS_KRB5_H
 #if defined(__cplusplus)
@@ -338,6 +356,9 @@ AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[
       [Define to 1 if you have krb5_get_init_creds_opt_alloc]),)
   AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context])
   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+        #if USE_APPLE_KRB5
+        #define KERBEROS_APPLE_DEPRECATED(x)
+        #endif
        #include <krb5.h>
     ]],[[krb5_context context;
         krb5_get_init_creds_opt *options;

diff --git a/configure.ac b/configure.ac
index 36a0caeddfa963489ee1da0148fd010cff3bdc79..3d9fb1a508f113eba52a64f8410a57a12b43d83e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1390,6 +1390,7 @@ case "$with_mit_krb5" in
     with_mit_krb5=yes
 esac
 ])
+AH_TEMPLATE(USE_APPLE_KRB5,[Apple Kerberos support is available])
 AH_TEMPLATE(USE_MIT_KRB5,[MIT Kerberos support is available])
 AH_TEMPLATE(USE_SOLARIS_KRB5,[Solaris Kerberos support is available])
 
@@ -1480,6 +1481,7 @@ elif test $ac_with_krb5_count -eq 0 ; then
       krb5confpath="`dirname $ac_cv_path_krb5_config`"
       ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`"
       ac_solaris="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i solaris`"
+      ac_apple="`$ac_cv_path_krb5_config --vendor 2>/dev/null | grep -c -i apple`"
       if test $ac_heimdal -gt 0 ; then
        with_heimdal_krb5=yes
         ac_with_krb5_count=1
@@ -1488,7 +1490,11 @@ elif test $ac_with_krb5_count -eq 0 ; then
        with_solaris_krb5=yes
         ac_with_krb5_count=1
       fi
-      if test $ac_heimdal -eq 0 && test $ac_solaris -eq 0 ; then
+      if test $ac_apple -gt 0 ; then
+       with_apple_krb5=yes
+        ac_with_krb5_count=1
+      fi
+      if test $ac_heimdal -eq 0 && test $ac_solaris -eq 0 && test $ac_apple -eq 0; then
        with_mit_krb5=yes
         ac_with_krb5_count=1
       fi
@@ -1498,7 +1504,7 @@ elif test $ac_with_krb5_count -eq 0 ; then
   fi
 fi
 
-if test "x$with_mit_krb5" = "xyes"; then
+if test "x$with_mit_krb5" = "xyes" || test "x$with_apple_krb5" = "xyes" ; then
   SQUID_STATE_SAVE([squid_krb5_save])
   LIBS="$LIBS $LIB_KRB5_PATH"
 
@@ -1549,10 +1555,15 @@ if test "x$with_mit_krb5" = "xyes"; then
   ])
 
   if test "x$LIB_KRB5_LIBS" != "x"; then
+    if test "x$with_apple_krb5" = "xyes" ; then
+      AC_DEFINE(USE_APPLE_KRB5,1,[Apple Kerberos support is available])
+      KRB5_FLAVOUR="Apple" 
+    else
+      AC_DEFINE(USE_MIT_KRB5,1,[MIT Kerberos support is available])
+      KRB5_FLAVOUR="MIT" 
+    fi
     KRB5LIBS="$LIB_KRB5_PATH $LIB_KRB5_LIBS $KRB5LIBS"
     KRB5INCS="$LIB_KRB5_CFLAGS"
-    AC_DEFINE(USE_MIT_KRB5,1,[MIT Kerberos support is available])
-    KRB5_FLAVOUR="MIT" 
     
     # check for other specific broken implementations
     CXXFLAGS="$CXXFLAGS $KRB5INCS"

diff --git a/helpers/external_acl/kerberos_ldap_group/required.m4 b/helpers/external_acl/kerberos_ldap_group/required.m4
index c7e64096ec9fd5d1644ca35d82d14bc963281868..f3297c5c1b75788418906884951b50b729a8d332 100644 (file)
--- a/helpers/external_acl/kerberos_ldap_group/required.m4
+++ b/helpers/external_acl/kerberos_ldap_group/required.m4
@@ -7,5 +7,10 @@
 
 if test "x$with_krb5" == "xyes"; then
   BUILD_HELPER="kerberos_ldap_group"
+  if test "x$with_apple_krb5" = "xyes" ; then
+    AC_CHECK_LIB(resolv, [main], [XTRA_LIBS="$XTRA_LIBS -lresolv"],[
+      AC_MSG_ERROR([library 'resolv' is required for Apple Kerberos])
+    ])
+  fi
   SQUID_CHECK_SASL
 fi

diff --git a/helpers/external_acl/kerberos_ldap_group/support.h b/helpers/external_acl/kerberos_ldap_group/support.h
index bb94aee239f392d6c1bd2bc2389308aba981850a..2275ee6e8423fce9e9ae27551ea0b617edce3ab8 100644 (file)
--- a/helpers/external_acl/kerberos_ldap_group/support.h
+++ b/helpers/external_acl/kerberos_ldap_group/support.h
@@ -34,6 +34,10 @@
 
 #include <cstring>
 
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#endif
+
 #if HAVE_KRB5_H
 #if HAVE_BROKEN_SOLARIS_KRB5_H
 #warn "Warning! You have a broken Solaris <krb5.h> system header"

diff --git a/helpers/external_acl/kerberos_ldap_group/support_ldap.cc b/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
index 66ce1bc87e87b9dd1261da0cffb7482422c99223..7603e57b7308f11c3bbc4b756350d0cc9b656141 100644 (file)
--- a/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
+++ b/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
@@ -114,11 +114,16 @@ ldap_simple_rebind(
     void *params)
 {
     struct ldap_creds *cp = (struct ldap_creds *) params;
+    struct berval cred;
+    if (cp->pw) {
+        cred.bv_val=cp->pw;
+        cred.bv_len=strlen(cp->pw);
+    }
     whop = whop;
     credp = credp;
     methodp = methodp;
     freeit = freeit;
-    return ldap_bind_s(ld, cp->dn, cp->pw, LDAP_AUTH_SIMPLE);
+    return ldap_sasl_bind_s(ld, cp->dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
 }
 #elif HAVE_LDAP_REBIND_PROC
 #if HAVE_SASL_H || HAVE_SASL_SASL_H || HAVE_SASL_DARWIN
@@ -148,7 +153,12 @@ ldap_simple_rebind(
     void *params)
 {
     struct ldap_creds *cp = (struct ldap_creds *) params;
-    return ldap_bind_s(ld, cp->dn, cp->pw, LDAP_AUTH_SIMPLE);
+    struct berval cred;
+    if (cp->pw) {
+        cred.bv_val=cp->pw;
+        cred.bv_len=strlen(cp->pw);
+    }
+    return ldap_sasl_bind_s(ld, cp->dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
 }
 
 #elif HAVE_LDAP_REBIND_FUNCTION
@@ -188,11 +198,16 @@ ldap_simple_rebind(
     void *params)
 {
     struct ldap_creds *cp = (struct ldap_creds *) params;
+    struct berval cred;
+    if (cp->pw) {
+        cred.bv_val=cp->pw;
+        cred.bv_len=strlen(cp->pw);
+    }
     whop = whop;
     credp = credp;
     methodp = methodp;
     freeit = freeit;
-    return ldap_bind_s(ld, cp->dn, cp->pw, LDAP_AUTH_SIMPLE);
+    return ldap_sasl_bind_s(ld, cp->dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
 }
 #else
 #error "No rebind functione defined"
@@ -202,12 +217,7 @@ ldap_simple_rebind(
 static LDAP_REBIND_PROC ldap_sasl_rebind;
 
 static int
-ldap_sasl_rebind(
-    LDAP * ld,
-    LDAP_CONST char *url,
-    ber_tag_t request,
-    ber_int_t msgid,
-    void *params)
+ldap_sasl_rebind(LDAP *ld, LDAP_CONST char *, ber_tag_t request, ber_int_t msgid, void *params)
 {
     struct ldap_creds *cp = (struct ldap_creds *) params;
     return tool_sasl_bind(ld, cp->dn, cp->pw);
@@ -217,16 +227,16 @@ ldap_sasl_rebind(
 static LDAP_REBIND_PROC ldap_simple_rebind;
 
 static int
-ldap_simple_rebind(
-    LDAP * ld,
-    LDAP_CONST char *url,
-    ber_tag_t request,
-    ber_int_t msgid,
-    void *params)
+ldap_simple_rebind(LDAP *ld, LDAP_CONST char *, ber_tag_t request, ber_int_t msgid, void *params)
 {
 
     struct ldap_creds *cp = (struct ldap_creds *) params;
-    return ldap_bind_s(ld, cp->dn, cp->pw, LDAP_AUTH_SIMPLE);
+    struct berval cred;
+    if (cp->pw) {
+        cred.bv_val=cp->pw;
+        cred.bv_len=strlen(cp->pw);
+    }
+    return ldap_sasl_bind_s(ld, cp->dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
 }
 
 #endif
@@ -755,7 +765,7 @@ tool_ldap_open(struct main_args * margs, char *host, int port, char *ssl)
     xfree(ldapuri);
     if (rc != LDAP_SUCCESS) {
         error((char *) "%s| %s: ERROR: Error while initialising connection to ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-        ldap_unbind(ld);
+        ldap_unbind_ext(ld,NULL,NULL);
         ld = NULL;
         return NULL;
     }
@@ -765,7 +775,7 @@ tool_ldap_open(struct main_args * margs, char *host, int port, char *ssl)
     rc = ldap_set_defaults(ld);
     if (rc != LDAP_SUCCESS) {
         error((char *) "%s| %s: ERROR: Error while setting default options for ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-        ldap_unbind(ld);
+        ldap_unbind_ext(ld, NULL, NULL);
         ld = NULL;
         return NULL;
     }
@@ -777,7 +787,7 @@ tool_ldap_open(struct main_args * margs, char *host, int port, char *ssl)
         rc = ldap_set_ssl_defaults(margs);
         if (rc != LDAP_SUCCESS) {
             error((char *) "%s| %s: ERROR: Error while setting SSL default options for ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-            ldap_unbind(ld);
+            ldap_unbind_ext(ld, NULL, NULL);
             ld = NULL;
             return NULL;
         }
@@ -788,7 +798,7 @@ tool_ldap_open(struct main_args * margs, char *host, int port, char *ssl)
         rc = ldap_start_tls_s(ld, NULL, NULL);
         if (rc != LDAP_SUCCESS) {
             error((char *) "%s| %s: ERROR: Error while setting start_tls for ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-            ldap_unbind(ld);
+            ldap_unbind_ext(ld, NULL, NULL);
             ld = NULL;
             url = (LDAPURLDesc *) xmalloc(sizeof(*url));
             memset(url, 0, sizeof(*url));
@@ -820,14 +830,14 @@ tool_ldap_open(struct main_args * margs, char *host, int port, char *ssl)
             xfree(ldapuri);
             if (rc != LDAP_SUCCESS) {
                 error((char *) "%s| %s: ERROR: Error while initialising connection to ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-                ldap_unbind(ld);
+                ldap_unbind_ext(ld, NULL, NULL);
                 ld = NULL;
                 return NULL;
             }
             rc = ldap_set_defaults(ld);
             if (rc != LDAP_SUCCESS) {
                 error((char *) "%s| %s: ERROR: Error while setting default options for ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-                ldap_unbind(ld);
+                ldap_unbind_ext(ld, NULL, NULL);
                 ld = NULL;
                 return NULL;
             }
@@ -836,14 +846,14 @@ tool_ldap_open(struct main_args * margs, char *host, int port, char *ssl)
         ld = ldapssl_init(host, port, 1);
         if (!ld) {
             error((char *) "%s| %s: ERROR: Error while setting SSL for ldap server: %s\n", LogTime(), PROGRAM, ldapssl_err2string(rc));
-            ldap_unbind(ld);
+            ldap_unbind_ext(ld, NULL, NULL);
             ld = NULL;
             return NULL;
         }
         rc = ldap_set_defaults(ld);
         if (rc != LDAP_SUCCESS) {
             error((char *) "%s| %s: ERROR: Error while setting default options for ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-            ldap_unbind(ld);
+            ldap_unbind_ext(ld, NULL, NULL);
             ld = NULL;
             return NULL;
         }
@@ -945,7 +955,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
             rc = tool_sasl_bind(ld, bindp, margs->ssl);
             if (rc != LDAP_SUCCESS) {
                 error((char *) "%s| %s: ERROR: Error while binding to ldap server with SASL/GSSAPI: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-                ldap_unbind(ld);
+                ldap_unbind_ext(ld, NULL, NULL);
                 ld = NULL;
                 continue;
             }
@@ -958,7 +968,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
                 break;
             }
 #else
-            ldap_unbind(ld);
+            ldap_unbind_ext(ld, NULL, NULL);
             ld = NULL;
             error((char *) "%s| %s: ERROR: SASL not supported on system\n", LogTime(), PROGRAM);
             continue;
@@ -998,7 +1008,11 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
         nhosts = get_hostname_list(&hlist, 0, host);
         xfree(host);
         for (size_t i = 0; i < nhosts; ++i) {
-
+            struct berval cred;
+            if (margs->lpass) {
+                cred.bv_val=margs->lpass;
+                cred.bv_len=strlen(margs->lpass);
+            }
             ld = tool_ldap_open(margs, hlist[i].host, port, ssl);
             if (!ld)
                 continue;
@@ -1007,10 +1021,10 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
              */
 
             debug((char *) "%s| %s: DEBUG: Bind to ldap server with Username/Password\n", LogTime(), PROGRAM);
-            rc = ldap_simple_bind_s(ld, margs->luser, margs->lpass);
+            rc = ldap_sasl_bind_s(ld, margs->luser, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
             if (rc != LDAP_SUCCESS) {
                 error((char *) "%s| %s: ERROR: Error while binding to ldap server with Username/Password: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-                ldap_unbind(ld);
+                ldap_unbind_ext(ld, NULL, NULL);
                 ld = NULL;
                 continue;
             }
@@ -1045,7 +1059,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
     rc = check_AD(margs, ld);
     if (rc != LDAP_SUCCESS) {
         error((char *) "%s| %s: ERROR: Error determining ldap server type: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-        ldap_unbind(ld);
+        ldap_unbind_ext(ld, NULL, NULL);
         ld = NULL;
         retval = 0;
         goto cleanup;
@@ -1071,7 +1085,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
 
     if (rc != LDAP_SUCCESS) {
         error((char *) "%s| %s: ERROR: Error searching ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
-        ldap_unbind(ld);
+        ldap_unbind_ext(ld, NULL, NULL);
         ld = NULL;
         retval = 0;
         goto cleanup;
@@ -1156,7 +1170,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
         ldap_msgfree(res);
     } else if (ldap_count_entries(ld, res) == 0 && margs->AD) {
         ldap_msgfree(res);
-        ldap_unbind(ld);
+        ldap_unbind_ext(ld, NULL, NULL);
         ld = NULL;
         retval = 0;
         goto cleanup;
@@ -1368,7 +1382,7 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
             safe_free(attr_value);
         }
     }
-    rc = ldap_unbind(ld);
+    rc = ldap_unbind_ext(ld, NULL, NULL);
     ld = NULL;
     if (rc != LDAP_SUCCESS) {
         error((char *) "%s| %s: ERROR: Error unbind ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));

diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos.h b/helpers/negotiate_auth/kerberos/negotiate_kerberos.h
index b34a2db73193e25fd114d74b0cb7c9926d40bd07..f45400ffb3bdbfec95a928ca4821f70ed95313a5 100644 (file)
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos.h
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos.h
@@ -47,6 +47,11 @@
 #include "base64.h"
 #include "util.h"
 
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#define GSSKRB_APPLE_DEPRECATED(x)
+#endif
+
 #if HAVE_KRB5_H
 #if HAVE_BROKEN_SOLARIS_KRB5_H
 #warn "Warning! You have a broken Solaris <krb5.h> system header"
@@ -144,7 +149,6 @@ typedef struct {
     uint32_t pointer;
 } RPC_UNICODE_STRING;
 
-int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);
 void align(int n);
 void getustr(RPC_UNICODE_STRING *string);
 char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
@@ -161,4 +165,5 @@ char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
 #else
 #define HAVE_PAC_SUPPORT 0
 #endif
+int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);
 

diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
index 1c720809c19994d4e659c715004ccbda28cb78e5..1b5ad6421b4649bc348c14180149bb14d3902446 100644 (file)
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
@@ -65,7 +65,6 @@ krb5_error_code krb5_read_keytab(krb5_context context,
                                  krb5_kt_list *kt_list);
 #endif /* HAVE_KRB5_MEMORY_KEYTAB */
 
-#if HAVE_PAC_SUPPORT || HAVE_KRB5_MEMORY_KEYTAB
 int
 check_k5_err(krb5_context context, const char *function, krb5_error_code code)
 {
@@ -85,7 +84,6 @@ check_k5_err(krb5_context context, const char *function, krb5_error_code code)
     }
     return code;
 }
-#endif
 
 char *
 gethost_name(void)

diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
index dfe42875969d9feb5f09e7d028f1877bbfa3d0f0..ec8b5003ed87e1b0bfa6d3c65618170c939dd14c 100644 (file)
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
@@ -33,6 +33,9 @@
 #include "squid.h"
 
 #if HAVE_GSSAPI
+#if USE_APPLE_KRB5
+#define GSSKRB_APPLE_DEPRECATED(x)
+#endif
 
 #include <cerrno>
 #include <cstring>

diff --git a/src/peer_proxy_negotiate_auth.cc b/src/peer_proxy_negotiate_auth.cc
index 0a02813fd01bdfd7220abcf5a159a31b63492bb2..a2c4e5e623253b9d5409278d568765a739f85b0b 100644 (file)
--- a/src/peer_proxy_negotiate_auth.cc
+++ b/src/peer_proxy_negotiate_auth.cc
@@ -13,6 +13,10 @@
 #include "squid.h"
 
 #if HAVE_KRB5 && HAVE_GSSAPI
+#if USE_APPLE_KRB5
+#define KERBEROS_APPLE_DEPRECATED(x)
+#define GSSKRB_APPLE_DEPRECATED(x)
+#endif
 
 #include "base64.h"
 #include "Debug.h"

diff --git a/tools/squidclient/gssapi_support.h b/tools/squidclient/gssapi_support.h
index 7b1529c1c2b567c9a716617db29d6175b5252d7d..70fd121d2704e205a457e804b2bb9cf1ef70d347 100644 (file)
--- a/tools/squidclient/gssapi_support.h
+++ b/tools/squidclient/gssapi_support.h
@@ -10,6 +10,9 @@
 #define _SQUID_TOOLS_SQUIDCLIENT_GSSAPI_H
 
 #if HAVE_GSSAPI
+#if USE_APPLE_KRB5
+#define GSSKRB_APPLE_DEPRECATED(x)
+#endif
 
 #if USE_HEIMDAL_KRB5
 #if HAVE_GSSAPI_GSSAPI_H