From 1a81a8e478ec426316c98e24a30d16df483ed8db Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Wed, 15 Oct 2025 15:06:08 +0200
Subject: [PATCH] version: add GSS backend name and version

MIT Kerberos version detection is implemented for autotools and cmake.

Examples:
```
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... mbedTLS/3.6.4 libidn2/2.3.7 nghttp2/1.59.0 libgss/1.0.4 OpenLDAP/2.6.7
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... LibreSSL/4.1.1 libidn2/2.3.7 nghttp2/1.59.0 mit-krb5/1.20.1 OpenLDAP/2.6.7
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... LibreSSL/4.1.1 libidn2/2.3.7 nghttp2/1.59.0 mit-krb5 OpenLDAP/2.6.7
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... LibreSSL/4.1.1 nghttp2/1.59.0 mit-krb5/1.20.1 OpenLDAP/2.6.7
curl 8.17.0-DEV (aarch64e-apple-darwin24.6.0) ... GnuTLS/3.8.10 libidn2/2.3.8 libssh2/1.11.1 nghttp2/1.67.1 mit-krb5/1.22.1
```

Also:
- cmake/FindGSS: strip project name ("Kerberos 5 release") from
  the version string when detected via `krb5-config`.

Closes #19073
---
 CMake/FindGSS.cmake     |  3 +++
 CMakeLists.txt          |  2 ++
 configure.ac            | 12 ++++++++++++
 lib/curl_config.h.cmake |  3 +++
 lib/version.c           | 23 +++++++++++++++++++++++
 5 files changed, 43 insertions(+)

diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake
index db36cf2100..1661f208d2 100644
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -128,6 +128,9 @@ if(NOT _gss_FOUND)  # Not found by pkg-config. Let us take more traditional appr
     # Older versions may not have the "--version" parameter. In this case we just do not care.
     if(_gss_configure_failed)
       set(_gss_version 0)
+    else()
+      # Strip prefix string to leave the version number only
+      string(REPLACE "Kerberos 5 release " "" _gss_version "${_gss_version}")
     endif()
 
     execute_process(COMMAND ${_gss_configure_script} "--vendor"
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bb2dc54f1d..65eaaf670a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1445,6 +1445,8 @@ if(CURL_USE_GSSAPI)
 
     if(GSS_FLAVOUR STREQUAL "GNU")
       set(HAVE_GSSGNU 1)
+    elseif(GSS_VERSION)  # MIT
+      set(CURL_KRB5_VERSION "\"${GSS_VERSION}\"")
     endif()
   else()
     message(WARNING "GSSAPI has been requested, but no supporting libraries found. Skipping.")
diff --git a/configure.ac b/configure.ac
index 3b4ebf9649..999ab122a3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1909,6 +1909,18 @@ if test x"$want_gss" = xyes; then
         fi
       fi
     fi
+    gss_version=""
+    if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
+      gss_version=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --version | $SED 's/Kerberos 5 release //'`
+    elif test "$PKGCONFIG" != "no"; then
+      gss_version=`$PKGCONFIG --modversion mit-krb5-gssapi`
+    elif test -f "$KRB5CONFIG"; then
+      gss_version=`$KRB5CONFIG --version | $SED 's/Kerberos 5 release //'`
+    fi
+    if test -n "$gss_version"; then
+      AC_MSG_NOTICE([GSS-API MIT Kerberos version detected: $gss_version])
+      AC_DEFINE_UNQUOTED([CURL_KRB5_VERSION], ["$gss_version"], [MIT Kerberos version])
+    fi
   else
     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
     LDFLAGSPC="$LDFLAGSPC $GSSAPI_LIB_DIR"
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index be6fe4176e..1fabc24c18 100644
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -318,6 +318,9 @@
 /* if you have the GNU gssapi libraries */
 #cmakedefine HAVE_GSSGNU 1
 
+/* MIT Kerberos version */
+#cmakedefine CURL_KRB5_VERSION ${CURL_KRB5_VERSION}
+
 /* Define to 1 if you have the <ifaddrs.h> header file. */
 #cmakedefine HAVE_IFADDRS_H 1
 
diff --git a/lib/version.c b/lib/version.c
index 7c9ac12fb9..4c7e5712f0 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -77,6 +77,14 @@
 #include <gsasl.h>
 #endif
 
+#ifdef HAVE_GSSAPI
+# ifdef HAVE_GSSGNU
+#  include <gss.h>
+# else
+#  include <gssapi/gssapi.h>
+# endif
+#endif
+
 #ifdef USE_OPENLDAP
 #include <ldap.h>
 #endif
@@ -208,6 +216,9 @@ char *curl_version(void)
 #ifdef USE_GSASL
   char gsasl_buf[30];
 #endif
+#ifdef HAVE_GSSAPI
+  char gss_buf[40];
+#endif
 #ifdef USE_OPENLDAP
   char ldap_buf[30];
 #endif
@@ -274,6 +285,18 @@ char *curl_version(void)
                  gsasl_check_version(NULL));
   src[i++] = gsasl_buf;
 #endif
+#ifdef HAVE_GSSAPI
+#ifdef HAVE_GSSGNU
+  curl_msnprintf(gss_buf, sizeof(gss_buf), "libgss/%s",
+                 GSS_VERSION);
+#elif defined(CURL_KRB5_VERSION)
+  curl_msnprintf(gss_buf, sizeof(gss_buf), "mit-krb5/%s",
+                 CURL_KRB5_VERSION);
+#else
+  curl_msnprintf(gss_buf, sizeof(gss_buf), "mit-krb5");
+#endif
+  src[i++] = gss_buf;
+#endif /* HAVE_GSSAPI */
 #ifdef USE_OPENLDAP
   oldap_version(ldap_buf, sizeof(ldap_buf));
   src[i++] = ldap_buf;
-- 
2.47.3