From: Amos Jeffries
Date: Mon, 15 Jun 2009 06:40:55 +0000 (+1200)
Subject: Author: Markus Moeller
X-Git-Tag: SQUID_3_0_STABLE16~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c841354d114338f2becd19a58cff0f7e48aa374;p=thirdparty%2Fsquid.git
Author: Markus Moeller
Better Kerberos support detection
---
diff --git a/configure.in b/configure.in
index 2f7f7cb3c3..ebce5427e6 100644
--- a/configure.in
+++ b/configure.in
@@ -1575,6 +1575,81 @@ if test -n "$DIGEST_AUTH_HELPERS"; then fi AC_SUBST(DIGEST_AUTH_HELPERS) +if `echo "$NEGOTIATE_AUTH_HELPERS" | $EGREP "squid_kerb_auth|all" >/dev/null`; then + AC_CHECK_PROG(ac_krb5_config,krb5-config,yes,no) + if test "x$ac_krb5_config" = "xyes" ; then + ac_heimdal=`krb5-config --version 2>/dev/null | grep -i heimdal` + ac_solaris=`krb5-config --version 2>/dev/null | grep -i solaris` + if test "x$ac_heimdal" != "x" ; then + AC_DEFINE(HAVE_HEIMDAL_KERBEROS,1,[Define to 1 if you have Heimdal Kerberos]) + else + AC_DEFINE(HAVE_MIT_KERBEROS,1,[Define to 1 if you have MIT Kerberos]) + fi + if test "x$ac_solaris" != "x" ; then + KRB5INCS="-I/usr/include/gssapi" + KRB5LIBS="-L/usr/lib -R/usr/lib -lgss -lresolv -lsocket -lnsl" + else + KRB5INCS=`krb5-config --cflags gssapi 2>/dev/null` + KRB5LIBS=`krb5-config --libs gssapi 2>/dev/null` + fi + AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h gssapi/gssapi_krb5.h gssapi/gssapi_generic.h) + fi + old_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $KRB5INCS" + old_LIBS=$LIBS + LIBS="$LIBS $KRB5LIBS" + AC_CACHE_CHECK([for SPNEGO support],ac_cv_have_spnego,[ + AC_TRY_RUN([ +#ifdef HAVE_HEIMDAL_KERBEROS +#ifdef HAVE_GSSAPI_GSSAPI_H +#include +#elif defined(HAVE_GSSAPI_H) +#include +#endif +#else +#ifdef HAVE_GSSAPI_GSSAPI_H +#include +#elif defined(HAVE_GSSAPI_H) +#include +#endif +#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H +#include +#endif +#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H +#include +#endif +#endif +#include +int main(int argc, char *argv[]) { + OM_uint32 major_status,minor_status; + gss_OID_set gss_mech_set; + int i; + +static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; +gss_OID gss_mech_spnego = &_gss_mech_spnego; + + major_status = gss_indicate_mechs( &minor_status, &gss_mech_set); + + for (i=0;icount;i++) { + if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) { + return 0; + } + } + + return 1; +}], + ac_cv_have_spnego=yes, + 
ac_cv_have_spnego=no)]) + LIBS=$old_LIBS + CPPFLAGS=$old_CPPFLAGS + if test x"$ac_cv_have_spnego" = x"yes"; then + AC_DEFINE(HAVE_SPNEGO,1, [Define to 1 if you have SPNEGO support]) + fi + AC_SUBST(KRB5INCS) + AC_SUBST(KRB5LIBS) +fi +AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" ) + dnl Enable "NTLM fail open" AC_ARG_ENABLE(ntlm-fail-open, [ --enable-ntlm-fail-open Enable NTLM fail open, where a helper that fails one of the diff --git a/helpers/negotiate_auth/squid_kerb_auth/Makefile.am b/helpers/negotiate_auth/squid_kerb_auth/Makefile.am index 44908bc521..90a5922e5c 100644 --- a/helpers/negotiate_auth/squid_kerb_auth/Makefile.am +++ b/helpers/negotiate_auth/squid_kerb_auth/Makefile.am @@ -10,18 +10,18 @@ SPNEGO = spnegohelp/derparse.c spnegohelp/derparse.h spnegohelp/Makefile spnegoh SOURCE = squid_kerb_auth.c base64.c base64.h EXTRA_DIST = readme.txt do.sh +if HAVE_SPNEGO +squid_kerb_auth_SOURCES = $(SOURCE) +else squid_kerb_auth_SOURCES = $(SOURCE) $(SPNEGO) +endif -CPPFLAGS = $(KERBINC) -I$(srcdir)/spnegohelp -I. +AM_CPPFLAGS = $(KERBINCS) -I$(srcdir)/spnegohelp -I. #-I$(top_srcdir)/include -I$(top_srcdir)/src LDADD = $(KERBLIBS) #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS) -# HEIMDAL -#KERBINC = -DHEIMDAL -I/usr/include/heimdal -#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken - # MIT -KERBINC = -KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err +KERBINCS = @KRB5INCS@ +KERBLIBS = @KRB5LIBS@ diff --git a/helpers/negotiate_auth/squid_kerb_auth/spnegohelp/derparse.c b/helpers/negotiate_auth/squid_kerb_auth/spnegohelp/derparse.c index 1cac0a1b1b..83b084818d 100644 --- a/helpers/negotiate_auth/squid_kerb_auth/spnegohelp/derparse.c +++ b/helpers/negotiate_auth/squid_kerb_auth/spnegohelp/derparse.c @@ -22,6 +22,7 @@ // ///////////////////////////////////////////////////////////// +#include "config.h" #include #include #include 
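Review bot: The SPNEGO probe compares OIDs with `memcmp(..., gss_mech_set->elements[i].length)` without first checking that the enumerated mechanism's length equals that of the SPNEGO OID, so a longer OID makes memcmp read past the constant and a shorter one that happens to be a prefix is reported as a match. Put `gss_mech_set->elements[i].length == gss_mech_spnego->length &&` in front of the `!memcmp(...)`. The result of `gss_indicate_mechs` is stored in `major_status` and never tested; `if (GSS_ERROR(major_status)) return 1;` before the loop keeps the probe from walking an unset `gss_mech_set`. `AC_TRY_RUN` is also given no cross-compiling action, so the outcome of a cross build should be decided explicitly rather than left to the macro's default.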
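Review bot: `KERBLIBS = @KRB5LIBS@` drops the hard-coded `-lgssapi_krb5 -lkrb5 -lcom_err`, but configure.in in this commit assigns `KRB5LIBS` only inside the branch where `krb5-config` was found, so a host without `krb5-config` ends up with an empty `LDADD` and the helper will presumably fail at link time instead of at configure time. Either keep a default in configure.in for that case or stop with an error there when `squid_kerb_auth` was requested and no Kerberos libraries were located. A one-line comment above `if HAVE_SPNEGO`, such as `# bundled spnegohelp parser is built only when the GSSAPI library lacks SPNEGO`, would also explain why the source list differs between the two branches.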
@@ -91,7 +92,7 @@ int ASNDerGetLength( unsigned char* pbLengthData, long nBoundaryLength, long* pn // Bump by 1 byte pbLengthData++; - #ifdef __LITTLE_ENDIAN__ + #if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN) // There may be a cleaner way to do this, but for now, this seems to be // an easy way to do the transformation @@ -503,7 +504,7 @@ int ASNDerWriteLength( unsigned char* pbData, long nLength ) // Point to where we'll actually write the length pbData++; -#ifdef __LITTLE_ENDIAN__ +#if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN) // There may be a cleaner way to do this, but for now, this seems to be // an easy way to do the transformation diff --git a/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c b/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c index 13adb43f1f..baff529682 100644 --- a/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c +++ b/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c @@ -24,6 +24,7 @@ /* * Hosted at http://sourceforge.net/projects/squidkerbauth */ +#include "config.h" #include #include #include @@ -50,16 +51,26 @@ #define PROGRAM "squid_kerb_auth" -#ifdef HEIMDAL +#ifdef HAVE_HEIMDAL_KERBEROS +#ifdef HAVE_GSSAPI_GSSAPI_H +#include +#elif defined(HAVE_GSSAPI_H) #include +#endif #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #else +#ifdef HAVE_GSSAPI_GSSAPI_H #include -#ifndef SOLARIS_11 +#elif defined(HAVE_GSSAPI_H) +#include +#endif +#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H +#include +#endif +#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H #include -#else -#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #endif +#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #endif #include @@ -182,7 +193,7 @@ int main(int argc, char * const argv[]) char *c; int length=0; static int err=0; - int opt, rc, debug=0, loging=0; + int opt, debug=0, loging=0; OM_uint32 ret_flags=0, spnego_flag=0; char *service_name=(char *)"HTTP",*host_name=NULL; char *token = NULL; 
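Review bot: With `#if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN)` the DER length decoding in `ASNDerGetLength` now depends on config.h being included first and on `WORDS_BIGENDIAN` being set correctly; a big-endian build that misses the define silently takes the little-endian branch and would mis-decode lengths read from the token. The same condition is added in the `ASNDerWriteLength` hunk at -503. The transformation code itself lies outside both hunks, so this is inferred from the comment that follows the `#if`, but assembling the value one byte at a time with shifts (of the form `len = (len << 8) | *pbLengthData++;`, name constructed for illustration) would be independent of host byte order and remove the conditional from a parser that handles untrusted input. If the `#if` stays, a short comment stating that `WORDS_BIGENDIAN` comes from configure would help the next reader.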
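Review bot: Neither branch of the new header selection in squid_kerb_auth.c ends in an `#else`, so when configure found neither `gssapi/gssapi.h` nor `gssapi.h` the file includes no GSSAPI header at all and fails later with errors that do not point at the cause. Closing each `#ifdef HAVE_GSSAPI_GSSAPI_H` / `#elif defined(HAVE_GSSAPI_H)` chain with `#else` and `#error "no GSSAPI header found by configure"` makes the failure explicit. `#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE` is now identical in the Heimdal and non-Heimdal branches and could be written once after the outer `#endif`.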
@@ -197,7 +208,10 @@ int main(int argc, char * const argv[]) gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; const unsigned char *kerberosToken = NULL; +#ifndef HAVE_SPNEGO + int rc; size_t kerberosTokenLength = 0; +#endif const unsigned char *spnegoToken = NULL ; size_t spnegoTokenLength = 0; diff --git a/include/autoconf.h.in b/include/autoconf.h.in index 98d82b0a80..adb9779596 100644 --- a/include/autoconf.h.in +++ b/include/autoconf.h.in @@ -1,5 +1,8 @@ /* include/autoconf.h.in. Generated from configure.in by autoheader. */ +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + /* Defines how many threads aufs uses for I/O */ #undef AUFS_IO_THREADS @@ -115,6 +118,10 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DB_H +/* Define to 1 if you have the declaration of `cygwin_conv_path', and to 0 if + you don't. */ +#undef HAVE_DECL_CYGWIN_CONV_PATH + /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H @@ -194,6 +201,21 @@ /* Define to 1 if you have the header file. */ #undef HAVE_GRP_H +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_GENERIC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_KRB5_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_H + +/* Define to 1 if you have Heimdal Kerberos */ +#undef HAVE_HEIMDAL_KERBEROS + /* Define to 1 if you have the `htobe16' function. */ #undef HAVE_HTOBE16 @@ -257,6 +279,9 @@ /* Define to 1 if you have the `dl' library (-ldl). */ #undef HAVE_LIBDL +/* Define if libdlloader will be built on this platform */ +#undef HAVE_LIBDLLOADER + /* Define to 1 if you have the `gnumalloc' library (-lgnumalloc). */ #undef HAVE_LIBGNUMALLOC 
@@ -336,6 +361,9 @@ /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET +/* Define to 1 if you have MIT Kerberos */ +#undef HAVE_MIT_KERBEROS + /* Define to 1 if you have the `mkstemp' function. */ #undef HAVE_MKSTEMP @@ -541,6 +569,9 @@ /* socklen_t is defined by the system headers */ #undef HAVE_SOCKLEN_T +/* Define to 1 if you have SPNEGO support */ +#undef HAVE_SPNEGO + /* Define to 1 if you have the `srand48' function. */ #undef HAVE_SRAND48 @@ -796,6 +827,10 @@ /* Enable real Transparent Proxy support for Netfilter TPROXY v2. */ #undef LINUX_TPROXY2 +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + /* If we need to declare sys_errlist[] as external */ #undef NEED_SYS_ERRLIST @@ -1022,12 +1057,16 @@ #undef WITH_VALGRIND /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD #if defined __BIG_ENDIAN__ # define WORDS_BIGENDIAN 1 -#elif ! defined __LITTLE_ENDIAN__ +# endif +#else +# ifndef WORDS_BIGENDIAN # undef WORDS_BIGENDIAN #endif +#endif /* Define to have malloc statistics */ #undef XMALLOC_STATISTICS