From 61f5d5b50c7cbc3057a01dfe9daf0d6be9b9fef4 Mon Sep 17 00:00:00 2001 From: Jochen Neumeister Date: Sun, 22 Apr 2018 14:59:23 +0000 Subject: [PATCH] HTTP_AUTH_KRB5 option is not fully implemented. This patch makes it build with security/krb5 and security/heimdal PR: 226044 Reviewed by: brnrd Differential Revision: https://reviews.freebsd.org/D14973 --- www/nginx/Makefile | 15 +++++++++++-- www/nginx/Makefile.extmod | 6 +----- www/nginx/Makefile.options.desc | 1 + ...patch-spnego-http-auth-nginx-module-config | 21 ++++++++++++++----- 4 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/www/nginx/Makefile b/www/nginx/Makefile
index f841e14e487c..c3f9bf4fb71e 100644
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@@ -71,7 +71,7 @@ OPTIONS_GROUP_HTTPGRP= GOOGLE_PERFTOOLS HTTP HTTP_ADDITION HTTP_AUTH_REQ \
 HTTP_REWRITE HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL HTTP_STATUS HTTP_SUB \
 HTTP_XSLT HTTPV2 STREAM STREAM_SSL STREAM_SSL_PREREAD
 # External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
+OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
 ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION FASTDFS FORMINPUT \
 GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST HTTP_AUTH_KRB5 \
 HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL HTTP_FANCYINDEX \
@@ -84,12 +84,19 @@ OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \ SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SMALL_LIGHT SRCACHE XSS OPTIONS_GROUP_MAILGRP= MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL OPTIONS_DEFINE= DEBUG DEBUGLOG DSO FILE_AIO IPV6 THREADS WWW -OPTIONS_DEFAULT?=DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ +OPTIONS_DEFAULT?= DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ HTTP_DAV HTTP_FLV HTTP_GZIP_STATIC HTTP_GUNZIP_FILTER \ HTTP_MP4 HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK \ HTTP_SLICE HTTP_REWRITE HTTP_SSL HTTP_STATUS HTTP_SUB \ HTTPV2 MAIL MAIL_SSL STREAM STREAM_SSL STREAM_SSL_PREREAD \ THREADS WWW + +OPTIONS_RADIO+= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_BASE_USES= gssapi +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_USES= gssapi:mit + OPTIONS_SUB= yes .include "Makefile.options.desc" @@ -102,6 +109,10 @@ ${opt}_IMPLIES= MAIL ${opt}_IMPLIES= HTTP .endfor +GSSAPI_BASE_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_HEIMDAL_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_MIT_IMPLIES= HTTP_AUTH_KRB5 + # If the target is makesum, make sure that every distfile is fetched. .if ${.TARGETS:Mmakesum} OPTIONS_DEFAULT= ${OPTIONS_DEFINE} ${OPTIONS_GROUP_HTTP} ${OPTIONS_GROUP_MAIL} diff --git a/www/nginx/Makefile.extmod b/www/nginx/Makefile.extmod index cf951f7a5466..f6ef8b48d93b 100644 --- a/www/nginx/Makefile.extmod +++ b/www/nginx/Makefile.extmod 
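Review bot: Nothing in these hunks makes HTTP_AUTH_KRB5 require a GSSAPI implementation: `OPTIONS_RADIO_GSSAPI` permits selecting none, and the `GSSAPI_*_IMPLIES= HTTP_AUTH_KRB5` lines in the following hunk (@@ -102) only work in the other direction. With HTTP_AUTH_KRB5 on and no GSSAPI_* choice, no `USES=gssapi` is pulled in, so the values the module's config patch expects are presumably empty and the authentication module may fail to link. Consider a guard that rejects that combination, or at least a comment above the radio group such as `# HTTP_AUTH_KRB5 needs one GSSAPI_* choice; the radio group also allows none`.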
@@ -83,11 +83,7 @@ HTTP_AUTH_DIGEST_VARS= DSO_EXTMODS+=auth_digest HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:7e028a5:auth_krb5 HTTP_AUTH_KRB5_VARS= DSO_EXTMODS+=auth_krb5 -#HTTP_AUTH_KRB5_EXTRA_PATCHES=${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config -#OPTIONS_RADIO+= GSSAPI -#OPTIONS_RADIO_GSSAPI+= GSSAPI_HEIMDAL GSSAPI_MIT -#GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags -#GSSAPI_MIT_USES= gssapi:mit +HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config HTTP_AUTH_LDAP_GH_TUPLE= kvspb:nginx-auth-ldap:42d195d:http_auth_ldap HTTP_AUTH_LDAP_VARS= DSO_EXTMODS+=http_auth_ldap diff --git a/www/nginx/Makefile.options.desc b/www/nginx/Makefile.options.desc index 6021e5d6a1a3..4da7484c66ca 100644 --- a/www/nginx/Makefile.options.desc +++ b/www/nginx/Makefile.options.desc @@ -20,6 +20,7 @@ FILE_AIO_DESC= Enable file aio FORMINPUT_DESC= 3rd party form_input module GOOGLE_PERFTOOLS_DESC= Enable google perftools module GRIDFS_DESC= 3rd party gridfs module +GSSAPI_DESC= GSSAPI implementation (imply HTTP_AUTH_KRB5) HEADERS_MORE_DESC= 3rd party headers_more module HTTPGRP_DESC= Modules that require HTTP module HTTPV2_DESC= Enable HTTP/2 protocol support (SSL req.) diff --git a/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config b/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config index 5f8d7523c16e..37543286589a 100644 --- a/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config +++ b/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config 
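Review bot: The extra patch enabled by `HTTP_AUTH_KRB5_EXTRA_PATCHES` carries `%%GSSAPILIBS%%`, `%%GSSAPINCDIR%%` and `%%GSSAPILIBDIR%%` markers, and no hunk in this commit adds a step that replaces them. If such a step does not already exist elsewhere in the port's Makefile, the literal markers end up in the module's `config` and the SPNEGO module is configured with unusable library and include settings. A one-line comment next to this assignment would make the dependency visible, e.g. `# %%GSSAPI*%% markers in this patch are substituted after patching`.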
@@ -1,9 +1,20 @@ --- ../spnego-http-auth-nginx-module-0c6ff3f/config.orig 2017-04-15 13:07:01.159506000 -0400 -+++ ../spnego-http-auth-nginx-module-0c6ff3f/config 2017-04-15 13:07:36.283398000 -0400 -@@ -1,5 +1,5 @@ ++++ ../spnego-http-auth-nginx-module-7e028a5/config 2018-04-20 00:15:08.515289000 +0200 +@@ -1,9 +1,6 @@ ngx_addon_name=ngx_http_auth_spnego_module -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err" -+ngx_feature_libs="%%GSSAPILIBS%% -lcom_err" +- +-if uname -o | grep -q FreeBSD; then +- ngx_feature_libs="$ngx_feature_libs -lgssapi" +-fi ++ngx_feature_libs="%%GSSAPILIBS%%" ++ngx_module_incs="%%GSSAPINCDIR%%" - if uname -o | grep -q FreeBSD; then - ngx_feature_libs="$ngx_feature_libs -lgssapi" + if test -n "$ngx_module_link"; then + ngx_module_type=HTTP +@@ -16,3 +13,5 @@ else + NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c" + CORE_LIBS="$CORE_LIBS $ngx_feature_libs" + fi ++ ++LDFLAGS="-L%%GSSAPILIBDIR%% $LDFLAGS"
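Review bot: The include-path marker in the added `ngx_module_incs="%%GSSAPINCDIR%%"` line is spelled with one I, while the variable the ports gssapi framework provides is GSSAPIINCDIR; whatever step replaces these markers has to use exactly this spelling, or the literal marker is handed to nginx's configure as an include directory. That substitution is not part of this diff, so the spelling should be checked against it, or the marker renamed to `%%GSSAPIINCDIR%%` to match the variable. Separately, the nested `---` header still names the `0c6ff3f` directory while `+++` and the GH_TUPLE use `7e028a5`; updating both keeps the patch header consistent with the source it applies to.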