From 9c0db27e38f3402dcaa218d3f33add75cb62a847 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 8 Oct 2025 11:36:56 +0200 Subject: [PATCH] config: drop support for Heimdal The kerberos5 library Heimdal is one of three GSS libraries curl support. It has a memory leak triggered by the new test in #18917 and the project seems mostly abandoned. Drop support and steer users to the MIT krb5 or GNU GSS libraries. --- CMake/FindGSS.cmake | 45 +++++++-------------------------------------- configure.ac | 17 ++++------------- 2 files changed, 11 insertions(+), 51 deletions(-) diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake index 78a9194cd6..456ec0a1f0 100644 --- a/CMake/FindGSS.cmake +++ b/CMake/FindGSS.cmake @@ -29,8 +29,8 @@ # # Result variables: # -# - `GSS_FOUND`: System has the Heimdal library. -# - `GSS_FLAVOUR`: "GNU", "MIT" or "Heimdal" if anything found. +# - `GSS_FOUND`: System has a GSS library. +# - `GSS_FLAVOUR`: "GNU" or "MIT" if anything found. # - `GSS_INCLUDE_DIRS`: The GSS include directories. # - `GSS_LIBRARIES`: The GSS library names. # - `GSS_LIBRARY_DIRS`: The GSS library directories. @@ -41,7 +41,6 @@ set(_gnu_modname "gss") set(_mit_modname "mit-krb5-gssapi") -set(_heimdal_modname "heimdal-gssapi") include(CheckIncludeFile) include(CheckIncludeFiles) @@ -59,7 +58,7 @@ set(_gss_LIBRARY_DIRS "") if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}") if(CURL_USE_PKGCONFIG) find_package(PkgConfig QUIET) - pkg_search_module(_gss ${_gnu_modname} ${_mit_modname} ${_heimdal_modname}) + pkg_search_module(_gss ${_gnu_modname} ${_mit_modname}) list(APPEND _gss_root_hints "${_gss_PREFIX}") set(_gss_version "${_gss_VERSION}") endif() @@ -161,14 +160,7 @@ if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional appr ) # Older versions may not have the "--vendor" parameter. In this case we just do not care. - if(_gss_configure_failed) - set(GSS_FLAVOUR "Heimdal") # most probably, should not really matter - else() - if(_gss_vendor MATCHES "H|heimdal") - set(GSS_FLAVOUR "Heimdal") - else() - set(GSS_FLAVOUR "MIT") - endif() + set(GSS_FLAVOUR "MIT") # most probably, should not really matter endif() else() # Either there is no config script or we are on a platform that does not provide one (Windows?) @@ -195,7 +187,7 @@ if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional appr check_include_file("heimdal/roken.h" _gss_have_heimdal_roken_h) if(_gss_have_roken_h OR _gss_have_heimdal_roken_h) - set(GSS_FLAVOUR "Heimdal") + message(FATAL_ERROR "Heimdal is not supported") endif() endif() cmake_pop_check_state() @@ -210,7 +202,7 @@ if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional appr ) if(_gss_INCLUDE_DIRS) - set(GSS_FLAVOUR "Heimdal") + message(FATAL_ERROR "Heimdal is not supported") else() find_path(_gss_INCLUDE_DIRS NAMES "gss.h" HINTS @@ -290,12 +282,6 @@ else() if(NOT _gss_version) # for old CMake versions? set(_gss_version ${_gss_${_mit_modname}_VERSION}) endif() - else() - set(GSS_FLAVOUR "Heimdal") - set(GSS_PC_REQUIRES "heimdal-gssapi") - if(NOT _gss_version) # for old CMake versions? - set(_gss_version ${_gss_${_heimdal_modname}_VERSION}) - endif() endif() message(STATUS "Found GSS/${GSS_FLAVOUR} (via pkg-config): ${_gss_INCLUDE_DIRS} (found version \"${_gss_version}\")") endif() @@ -309,24 +295,7 @@ set(GSS_CFLAGS ${_gss_CFLAGS}) set(GSS_VERSION ${_gss_version}) if(GSS_FLAVOUR) - if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal") - if(CMAKE_SIZEOF_VOID_P EQUAL 8) - set(_heimdal_manifest_file "Heimdal.Application.amd64.manifest") - else() - set(_heimdal_manifest_file "Heimdal.Application.x86.manifest") - endif() - - if(EXISTS "${GSS_INCLUDE_DIRS}/${_heimdal_manifest_file}") - file(STRINGS "${GSS_INCLUDE_DIRS}/${_heimdal_manifest_file}" _heimdal_version_str - REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$") - - string(REGEX MATCH "[0-9]\\.[^\"]+" GSS_VERSION "${_heimdal_version_str}") - endif() - - if(NOT GSS_VERSION) - set(GSS_VERSION "Heimdal Unknown") - endif() - elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT") + if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT") if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.24) cmake_host_system_information(RESULT _mit_version QUERY WINDOWS_REGISTRY "HKLM/SOFTWARE/MIT/Kerberos/SDK/CurrentVersion" VALUE "VersionString") diff --git a/configure.ac b/configure.ac index c90606f507..94039b6259 100644 --- a/configure.ac +++ b/configure.ac @@ -1840,7 +1840,7 @@ if test x"$want_gss" = xyes; then gnu_gss=yes ], [ - dnl not found, check Heimdal or MIT + dnl not found, check for MIT AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1]) AC_CHECK_HEADERS( [gssapi/gssapi_generic.h gssapi/gssapi_krb5.h], @@ -1853,15 +1853,8 @@ if test x"$want_gss" = xyes; then #endif ]) if test "x$not_mit" = "x1"; then - dnl MIT not found, check for Heimdal - AC_CHECK_HEADER(gssapi.h, - [], - [ - dnl no header found, disabling GSS - want_gss=no - AC_MSG_WARN(disabling GSS-API support since no header files were found) - ] - ) + dnl MIT not found + AC_MSG_ERROR([incompatible GSS library found (heimdal?)]) else dnl MIT found dnl check if we have a really old MIT Kerberos version (<= 1.2) @@ -1894,7 +1887,7 @@ fi if test x"$want_gss" = xyes; then AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries]) HAVE_GSSAPI=1 - curl_gss_msg="enabled (MIT Kerberos/Heimdal)" + curl_gss_msg="enabled (MIT Kerberos)" link_pkgconfig='' if test -n "$gnu_gss"; then @@ -1961,8 +1954,6 @@ if test x"$want_gss" = xyes; then if test -n "$link_pkgconfig"; then if test -n "$gnu_gss"; then LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE gss" - elif test "x$not_mit" = "x1"; then - LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE heimdal-gssapi" else LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE mit-krb5-gssapi" fi -- 2.47.3