config: drop support for Heimdal

The kerberos5 library Heimdal is one of three GSS libraries curl
support. It has a memory leak triggered by the new test in #18917 and
the project seems mostly abandoned.

Drop support and steer users to the MIT krb5 or GNU GSS libraries.

diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake
index 78a9194cd604f3600212f53948bb2c2d510536ba..456ec0a1f090a34e01dc6c998655abdbe495a5e1 100644 (file)
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -29,8 +29,8 @@
 #
 # Result variables:
 #
-# - `GSS_FOUND`:         System has the Heimdal library.
-# - `GSS_FLAVOUR`:       "GNU", "MIT" or "Heimdal" if anything found.
+# - `GSS_FOUND`:         System has a GSS library.
+# - `GSS_FLAVOUR`:       "GNU" or "MIT" if anything found.
 # - `GSS_INCLUDE_DIRS`:  The GSS include directories.
 # - `GSS_LIBRARIES`:     The GSS library names.
 # - `GSS_LIBRARY_DIRS`:  The GSS library directories.
@@ -41,7 +41,6 @@
 
 set(_gnu_modname "gss")
 set(_mit_modname "mit-krb5-gssapi")
-set(_heimdal_modname "heimdal-gssapi")
 
 include(CheckIncludeFile)
 include(CheckIncludeFiles)
@@ -59,7 +58,7 @@ set(_gss_LIBRARY_DIRS "")
 if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}")
   if(CURL_USE_PKGCONFIG)
     find_package(PkgConfig QUIET)
-    pkg_search_module(_gss ${_gnu_modname} ${_mit_modname} ${_heimdal_modname})
+    pkg_search_module(_gss ${_gnu_modname} ${_mit_modname})
     list(APPEND _gss_root_hints "${_gss_PREFIX}")
     set(_gss_version "${_gss_VERSION}")
   endif()
@@ -161,14 +160,7 @@ if(NOT _gss_FOUND)  # Not found by pkg-config. Let us take more traditional appr
     )
 
     # Older versions may not have the "--vendor" parameter. In this case we just do not care.
-    if(_gss_configure_failed)
-      set(GSS_FLAVOUR "Heimdal")  # most probably, should not really matter
-    else()
-      if(_gss_vendor MATCHES "H|heimdal")
-        set(GSS_FLAVOUR "Heimdal")
-      else()
-        set(GSS_FLAVOUR "MIT")
-      endif()
+    set(GSS_FLAVOUR "MIT")  # most probably, should not really matter
     endif()
 
   else()  # Either there is no config script or we are on a platform that does not provide one (Windows?)
@@ -195,7 +187,7 @@ if(NOT _gss_FOUND)  # Not found by pkg-config. Let us take more traditional appr
 
         check_include_file("heimdal/roken.h" _gss_have_heimdal_roken_h)
         if(_gss_have_roken_h OR _gss_have_heimdal_roken_h)
-          set(GSS_FLAVOUR "Heimdal")
+          message(FATAL_ERROR "Heimdal is not supported")
         endif()
       endif()
       cmake_pop_check_state()
@@ -210,7 +202,7 @@ if(NOT _gss_FOUND)  # Not found by pkg-config. Let us take more traditional appr
       )
 
       if(_gss_INCLUDE_DIRS)
-        set(GSS_FLAVOUR "Heimdal")
+        message(FATAL_ERROR "Heimdal is not supported")
       else()
         find_path(_gss_INCLUDE_DIRS NAMES "gss.h"
           HINTS
@@ -290,12 +282,6 @@ else()
     if(NOT _gss_version)  # for old CMake versions?
       set(_gss_version ${_gss_${_mit_modname}_VERSION})
     endif()
-  else()
-    set(GSS_FLAVOUR "Heimdal")
-    set(GSS_PC_REQUIRES "heimdal-gssapi")
-    if(NOT _gss_version)  # for old CMake versions?
-      set(_gss_version ${_gss_${_heimdal_modname}_VERSION})
-    endif()
   endif()
   message(STATUS "Found GSS/${GSS_FLAVOUR} (via pkg-config): ${_gss_INCLUDE_DIRS} (found version \"${_gss_version}\")")
 endif()
@@ -309,24 +295,7 @@ set(GSS_CFLAGS ${_gss_CFLAGS})
 set(GSS_VERSION ${_gss_version})
 
 if(GSS_FLAVOUR)
-  if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal")
-    if(CMAKE_SIZEOF_VOID_P EQUAL 8)
-      set(_heimdal_manifest_file "Heimdal.Application.amd64.manifest")
-    else()
-      set(_heimdal_manifest_file "Heimdal.Application.x86.manifest")
-    endif()
-
-    if(EXISTS "${GSS_INCLUDE_DIRS}/${_heimdal_manifest_file}")
-      file(STRINGS "${GSS_INCLUDE_DIRS}/${_heimdal_manifest_file}" _heimdal_version_str
-        REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$")
-
-      string(REGEX MATCH "[0-9]\\.[^\"]+" GSS_VERSION "${_heimdal_version_str}")
-    endif()
-
-    if(NOT GSS_VERSION)
-      set(GSS_VERSION "Heimdal Unknown")
-    endif()
-  elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT")
+  if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT")
     if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.24)
       cmake_host_system_information(RESULT _mit_version QUERY WINDOWS_REGISTRY
         "HKLM/SOFTWARE/MIT/Kerberos/SDK/CurrentVersion" VALUE "VersionString")

diff --git a/configure.ac b/configure.ac
index c90606f5078095e4f8e0059918a0b2a578093cb3..94039b62596a4172914669af86535512b0a019e1 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1840,7 +1840,7 @@ if test x"$want_gss" = xyes; then
       gnu_gss=yes
     ],
     [
-      dnl not found, check Heimdal or MIT
+      dnl not found, check for MIT
       AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1])
       AC_CHECK_HEADERS(
         [gssapi/gssapi_generic.h gssapi/gssapi_krb5.h],
@@ -1853,15 +1853,8 @@ if test x"$want_gss" = xyes; then
           #endif
         ])
       if test "x$not_mit" = "x1"; then
-        dnl MIT not found, check for Heimdal
-        AC_CHECK_HEADER(gssapi.h,
-          [],
-          [
-            dnl no header found, disabling GSS
-            want_gss=no
-            AC_MSG_WARN(disabling GSS-API support since no header files were found)
-          ]
-        )
+        dnl MIT not found
+        AC_MSG_ERROR([incompatible GSS library found (heimdal?)])
       else
         dnl MIT found
         dnl check if we have a really old MIT Kerberos version (<= 1.2)
@@ -1894,7 +1887,7 @@ fi
 if test x"$want_gss" = xyes; then
   AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries])
   HAVE_GSSAPI=1
-  curl_gss_msg="enabled (MIT Kerberos/Heimdal)"
+  curl_gss_msg="enabled (MIT Kerberos)"
   link_pkgconfig=''
 
   if test -n "$gnu_gss"; then
@@ -1961,8 +1954,6 @@ if test x"$want_gss" = xyes; then
   if test -n "$link_pkgconfig"; then
     if test -n "$gnu_gss"; then
       LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE gss"
-    elif test "x$not_mit" = "x1"; then
-      LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE heimdal-gssapi"
     else
       LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE mit-krb5-gssapi"
     fi