fi
AC_SUBST(DIGEST_AUTH_HELPERS)
+if `echo "$NEGOTIATE_AUTH_HELPERS" | $EGREP "squid_kerb_auth|all" >/dev/null`; then
+ AC_CHECK_PROG(ac_krb5_config,krb5-config,yes,no)
+ if test "x$ac_krb5_config" = "xyes" ; then
+ ac_heimdal=`krb5-config --version 2>/dev/null | grep -i heimdal`
+ ac_solaris=`krb5-config --version 2>/dev/null | grep -i solaris`
+ if test "x$ac_heimdal" != "x" ; then
+ AC_DEFINE(HAVE_HEIMDAL_KERBEROS,1,[Define to 1 if you have Heimdal Kerberos])
+ else
+ AC_DEFINE(HAVE_MIT_KERBEROS,1,[Define to 1 if you have MIT Kerberos])
+ fi
+ if test "x$ac_solaris" != "x" ; then
+ KRB5INCS="-I/usr/include/gssapi"
+ KRB5LIBS="-L/usr/lib -R/usr/lib -lgss -lresolv -lsocket -lnsl"
+ else
+ KRB5INCS=`krb5-config --cflags gssapi 2>/dev/null`
+ KRB5LIBS=`krb5-config --libs gssapi 2>/dev/null`
+ fi
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h gssapi/gssapi_krb5.h gssapi/gssapi_generic.h)
+ fi
+ old_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$CPPFLAGS $KRB5INCS"
+ old_LIBS=$LIBS
+ LIBS="$LIBS $KRB5LIBS"
+ AC_CACHE_CHECK([for SPNEGO support],ac_cv_have_spnego,[
+ AC_TRY_RUN([
+#ifdef HAVE_HEIMDAL_KERBEROS
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
+#endif
+#else
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+#include <gssapi/gssapi_krb5.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#endif
+#endif
+#include <string.h>
+int main(int argc, char *argv[]) {
+ OM_uint32 major_status,minor_status;
+ gss_OID_set gss_mech_set;
+ int i;
+
+static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+gss_OID gss_mech_spnego = &_gss_mech_spnego;
+
+ major_status = gss_indicate_mechs( &minor_status, &gss_mech_set);
+
+ for (i=0;i<gss_mech_set->count;i++) {
+ if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) {
+ return 0;
+ }
+ }
+
+ return 1;
+}],
+ ac_cv_have_spnego=yes,
+ ac_cv_have_spnego=no)])
+ LIBS=$old_LIBS
+ CPPFLAGS=$old_CPPFLAGS
+ if test x"$ac_cv_have_spnego" = x"yes"; then
+ AC_DEFINE(HAVE_SPNEGO,1, [Define to 1 if you have SPNEGO support])
+ fi
+ AC_SUBST(KRB5INCS)
+ AC_SUBST(KRB5LIBS)
+fi
+AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" )
+
dnl Enable "NTLM fail open"
AC_ARG_ENABLE(ntlm-fail-open,
[ --enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one of the
SOURCE = squid_kerb_auth.c base64.c base64.h
EXTRA_DIST = readme.txt do.sh
+if HAVE_SPNEGO
+squid_kerb_auth_SOURCES = $(SOURCE)
+else
squid_kerb_auth_SOURCES = $(SOURCE) $(SPNEGO)
+endif
-CPPFLAGS = $(KERBINC) -I$(srcdir)/spnegohelp -I.
+AM_CPPFLAGS = $(KERBINCS) -I$(srcdir)/spnegohelp -I.
#-I$(top_srcdir)/include -I$(top_srcdir)/src
LDADD = $(KERBLIBS)
#-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS)
-# HEIMDAL
-#KERBINC = -DHEIMDAL -I/usr/include/heimdal
-#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken
-
# MIT
-KERBINC =
-KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err
+KERBINCS = @KRB5INCS@
+KERBLIBS = @KRB5LIBS@
//
/////////////////////////////////////////////////////////////
+#include "config.h"
#include <stdlib.h>
#include <stdio.h>
#include <memory.h>
// Bump by 1 byte
pbLengthData++;
- #ifdef __LITTLE_ENDIAN__
+ #if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN)
// There may be a cleaner way to do this, but for now, this seems to be
// an easy way to do the transformation
// Point to where we'll actually write the length
pbData++;
-#ifdef __LITTLE_ENDIAN__
+#if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN)
// There may be a cleaner way to do this, but for now, this seems to be
// an easy way to do the transformation
/*
* Hosted at http://sourceforge.net/projects/squidkerbauth
*/
+#include "config.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#define PROGRAM "squid_kerb_auth"
-#ifdef HEIMDAL
+#ifdef HAVE_HEIMDAL_KERBEROS
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif defined(HAVE_GSSAPI_H)
#include <gssapi.h>
+#endif
#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
#else
+#ifdef HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
-#ifndef SOLARIS_11
+#elif defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+#include <gssapi/gssapi_krb5.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
#include <gssapi/gssapi_generic.h>
-#else
-#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
#endif
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
#endif
#include <krb5.h>
char *c;
int length=0;
static int err=0;
- int opt, rc, debug=0, loging=0;
+ int opt, debug=0, loging=0;
OM_uint32 ret_flags=0, spnego_flag=0;
char *service_name=(char *)"HTTP",*host_name=NULL;
char *token = NULL;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
const unsigned char *kerberosToken = NULL;
+#ifndef HAVE_SPNEGO
+ int rc;
size_t kerberosTokenLength = 0;
+#endif
const unsigned char *spnegoToken = NULL ;
size_t spnegoTokenLength = 0;
/* include/autoconf.h.in. Generated from configure.in by autoheader. */
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
/* Defines how many threads aufs uses for I/O */
#undef AUFS_IO_THREADS
/* Define to 1 if you have the <db.h> header file. */
#undef HAVE_DB_H
+/* Define to 1 if you have the declaration of `cygwin_conv_path', and to 0 if
+ you don't. */
+#undef HAVE_DECL_CYGWIN_CONV_PATH
+
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
*/
#undef HAVE_DIRENT_H
/* Define to 1 if you have the <grp.h> header file. */
#undef HAVE_GRP_H
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
+/* Define to 1 if you have the <gssapi.h> header file. */
+#undef HAVE_GSSAPI_H
+
+/* Define to 1 if you have Heimdal Kerberos */
+#undef HAVE_HEIMDAL_KERBEROS
+
/* Define to 1 if you have the `htobe16' function. */
#undef HAVE_HTOBE16
/* Define to 1 if you have the `dl' library (-ldl). */
#undef HAVE_LIBDL
+/* Define if libdlloader will be built on this platform */
+#undef HAVE_LIBDLLOADER
+
/* Define to 1 if you have the `gnumalloc' library (-lgnumalloc). */
#undef HAVE_LIBGNUMALLOC
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
+/* Define to 1 if you have MIT Kerberos */
+#undef HAVE_MIT_KERBEROS
+
/* Define to 1 if you have the `mkstemp' function. */
#undef HAVE_MKSTEMP
/* socklen_t is defined by the system headers */
#undef HAVE_SOCKLEN_T
+/* Define to 1 if you have SPNEGO support */
+#undef HAVE_SPNEGO
+
/* Define to 1 if you have the `srand48' function. */
#undef HAVE_SRAND48
/* Enable real Transparent Proxy support for Netfilter TPROXY v2. */
#undef LINUX_TPROXY2
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
/* If we need to declare sys_errlist[] as external */
#undef NEED_SYS_ERRLIST
#undef WITH_VALGRIND
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
- significant byte first (like Motorola and SPARC, unlike Intel and VAX). */
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
#if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
-#elif ! defined __LITTLE_ENDIAN__
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
#endif
+#endif
/* Define to have malloc statistics */
#undef XMALLOC_STATISTICS
projects / thirdparty / squid.git / commitdiff
