cmake: update Negotiate backend selection

2026-06-22 06:26:26 +00:00 · 2024-12-31 10:46:26 +00:00
parent fb59acb246
commit c9974d28b2
9 changed files with 91 additions and 68 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,9 +34,9 @@ option(USE_NSEC                "Support nanosecond precision file mtimes and cti
   set(USE_HTTPS               "" CACHE STRING "Enable HTTPS support and optionally selects the provider. One of ON, OFF, or a specific provider: OpenSSL, OpenSSL-FIPS, OpenSSL-Dynamic, mbedTLS, SecureTransport, Schannel, or WinHTTP. (Defaults to ON.)")
   set(USE_SHA1                "" CACHE STRING "Selects SHA1 provider. One of builtin, HTTPS, or a specific provider. (Defaults to builtin.)")
   set(USE_SHA256              "" CACHE STRING "Selects SHA256 provider. One of Builtin, HTTPS, or a specific provider. (Defaults to HTTPS.)")
-option(USE_GSSAPI              "Enable SPNEGO authentication using GSSAPI" OFF)
   set(USE_HTTP_PARSER         "" CACHE STRING "Selects HTTP Parser support: http-parser, llhttp, or builtin. (Defaults to builtin.)")
   set(USE_AUTH_NTLM           "" CACHE STRING "Enables NTLM authentication support. One of Builtin or win32.")
+   set(USE_AUTH_NEGOTIATE      "" CACHE STRING "Enable Negotiate (SPNEGO) authentication support. One of GSSAPI or win32.")
 #  set(USE_XDIFF               "" CACHE STRING "Specifies the xdiff implementation; either system or builtin.")
   set(USE_REGEX               "" CACHE STRING "Selects regex provider. One of regcomp_l, pcre2, pcre, regcomp, or builtin.")
   set(USE_COMPRESSION         "" CACHE STRING "Selects compression backend. Either builtin or zlib.")
--- a/cmake/SelectAuthNegotiate.cmake
+++ b/cmake/SelectAuthNegotiate.cmake
@@ -0,0 +1,61 @@
+include(SanitizeBool)
+
+find_package(GSSAPI)
+
+if(CMAKE_SYSTEM_NAME MATCHES "Darwin" OR CMAKE_SYSTEM_NAME MATCHES "iOS")
+	include(FindGSSFramework)
+endif()
+
+if(USE_AUTH_NEGOTIATE STREQUAL "" AND NOT USE_GSSAPI STREQUAL "")
+        sanitizebool(USE_GSSAPI)
+	set(USE_AUTH_NEGOTIATE "${USE_GSSAPI}")
+endif()
+
+sanitizebool(USE_AUTH_NEGOTIATE)
+
+if((USE_AUTH_NEGOTIATE STREQUAL ON OR USE_AUTH_NEGOTIATE STREQUAL "") AND GSSFRAMEWORK_FOUND)
+	set(USE_AUTH_NEGOTIATE "GSS.framework")
+elseif((USE_AUTH_NEGOTIATE STREQUAL ON OR USE_AUTH_NEGOTIATE STREQUAL "") AND GSSAPI_FOUND)
+	set(USE_AUTH_NEGOTIATE "gssapi")
+elseif((USE_AUTH_NEGOTIATE STREQUAL ON OR USE_AUTH_NEGOTIATE STREQUAL "") AND WIN32)
+	set(USE_AUTH_NEGOTIATE "sspi")
+elseif(USE_AUTH_NEGOTIATE STREQUAL "")
+	set(USE_AUTH_NEGOTIATE OFF)
+elseif(USE_AUTH_NEGOTIATE STREQUAL ON)
+	message(FATAL_ERROR "negotiate support was requested but no backend is available")
+endif()
+
+if(USE_AUTH_NEGOTIATE STREQUAL "GSS.framework")
+	if(NOT GSSFRAMEWORK_FOUND)
+		message(FATAL_ERROR "GSS.framework could not be found")
+	endif()
+
+	list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSFRAMEWORK_LIBRARIES})
+
+	set(GIT_AUTH_NEGOTIATE 1)
+	set(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK 1)
+	add_feature_info("Negotiate authentication" ON "using GSS.framework")
+elseif(USE_AUTH_NEGOTIATE STREQUAL "gssapi")
+	if(NOT GSSAPI_FOUND)
+		message(FATAL_ERROR "GSSAPI could not be found")
+	endif()
+
+	list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSAPI_LIBRARIES})
+
+	set(GIT_AUTH_NEGOTIATE 1)
+	set(GIT_AUTH_NEGOTIATE_GSSAPI 1)
+	add_feature_info("Negotiate authentication" ON "using GSSAPI")
+elseif(USE_AUTH_NEGOTIATE STREQUAL "sspi")
+        if(NOT WIN32)
+                message(FATAL_ERROR "SSPI is only available on Win32")
+        endif()
+
+	set(GIT_AUTH_NEGOTIATE 1)
+	set(GIT_AUTH_NEGOTIATE_SSPI 1)
+	add_feature_info("Negotiate authentication" ON "using Win32 SSPI")
+elseif(USE_AUTH_NEGOTIATE STREQUAL OFF)
+	set(GIT_AUTH_NEGOTIATE 0)
+        add_feature_info("Negotiate authentication" OFF "SPNEGO support is disabled")
+else()
+        message(FATAL_ERROR "unknown negotiate option: ${USE_AUTH_NEGOTIATE}")
+endif()
--- a/cmake/SelectGSSAPI.cmake
+++ b/cmake/SelectGSSAPI.cmake
@@ -1,48 +0,0 @@
-include(SanitizeBool)
-
-# We try to find any packages our backends might use
-find_package(GSSAPI)
-if(CMAKE_SYSTEM_NAME MATCHES "Darwin" OR CMAKE_SYSTEM_NAME MATCHES "iOS")
-	include(FindGSSFramework)
-endif()
-
-if(USE_GSSAPI)
-	# Auto-select GSS backend
-	sanitizebool(USE_GSSAPI)
-	if(USE_GSSAPI STREQUAL ON)
-		if(GSSFRAMEWORK_FOUND)
-			set(USE_GSSAPI "GSS.framework")
-		elseif(GSSAPI_FOUND)
-			set(USE_GSSAPI "gssapi")
-		else()
-			message(FATAL_ERROR "Unable to autodetect a usable GSS backend."
-				"Please pass the backend name explicitly (-DUSE_GSS=backend)")
-		endif()
-	endif()
-
-	# Check that we can find what's required for the selected backend
-	if(USE_GSSAPI STREQUAL "GSS.framework")
-		if(NOT GSSFRAMEWORK_FOUND)
-			message(FATAL_ERROR "Asked for GSS.framework backend, but it wasn't found")
-		endif()
-
-		list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSFRAMEWORK_LIBRARIES})
-
-		set(GIT_GSSFRAMEWORK 1)
-		add_feature_info(GSSAPI GIT_GSSFRAMEWORK "GSSAPI support for SPNEGO authentication (${USE_GSSAPI})")
-	elseif(USE_GSSAPI STREQUAL "gssapi")
-		if(NOT GSSAPI_FOUND)
-			message(FATAL_ERROR "Asked for gssapi GSS backend, but it wasn't found")
-		endif()
-
-		list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSAPI_LIBRARIES})
-
-		set(GIT_GSSAPI 1)
-		add_feature_info(GSSAPI GIT_GSSAPI "GSSAPI support for SPNEGO authentication (${USE_GSSAPI})")
-	else()
-		message(FATAL_ERROR "Asked for backend ${USE_GSSAPI} but it wasn't found")
-	endif()
-else()
-	set(GIT_GSSAPI 0)
-	add_feature_info(GSSAPI NO "GSSAPI support for SPNEGO authentication")
-endif()
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -36,7 +36,6 @@ add_feature_info(debugopen GIT_DEBUG_STRICT_OPEN "path validation in open")
 # Optional feature enablement
 #

-include(SelectGSSAPI)
 include(SelectHTTPSBackend)
 include(SelectHashes)
 include(SelectHTTPParser)
@@ -46,6 +45,7 @@ include(SelectSSH)
 include(SelectCompression)
 include(SelectI18n)
 include(SelectAuthNTLM)
+include(SelectAuthNegotiate)

 #
 # Platform support
--- a/src/libgit2/libgit2.c
+++ b/src/libgit2/libgit2.c
@@ -101,7 +101,7 @@ int git_libgit2_features(void)
 #if defined(GIT_AUTH_NTLM)
 		| GIT_FEATURE_AUTH_NTLM
 #endif
-#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32)
+#if defined(GIT_AUTH_NEGOTIATE)
 		| GIT_FEATURE_AUTH_NEGOTIATE
 #endif
 		| GIT_FEATURE_COMPRESSION
@@ -210,10 +210,14 @@ const char *git_libgit2_feature_backend(git_feature_t feature)
 		break;

 	case GIT_FEATURE_AUTH_NEGOTIATE:
-#if defined(GIT_GSSAPI)
+#if defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK)
+		return "gssframework";
+#elif defined(GIT_AUTH_NEGOTIATE_GSSAPI)
 		return "gssapi";
-#elif defined(GIT_WIN32)
+#elif defined(GIT_AUTH_NEGOTIATE_SSPI)
 		return "sspi";
+#elif defined(GIT_AUTH_NEGOTIATE)
+		GIT_ASSERT_WITH_RETVAL(!"Unknown Negotiate backend", NULL);
 #endif
 		break;

--- a/src/libgit2/transports/auth_gssapi.c
+++ b/src/libgit2/transports/auth_gssapi.c
@@ -7,17 +7,18 @@

 #include "auth_negotiate.h"

-#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK)
+#if defined(GIT_AUTH_NEGOTIATE_GSSAPI) || \
+    defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK)

 #include "git2.h"
 #include "auth.h"
 #include "git2/sys/credential.h"

-#ifdef GIT_GSSFRAMEWORK
-#import <GSS/GSS.h>
-#elif defined(GIT_GSSAPI)
-#include <gssapi.h>
-#include <krb5.h>
+#if defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK)
+# import <GSS/GSS.h>
+#elif defined(GIT_AUTH_NEGOTIATE_GSSAPI)
+# include <gssapi.h>
+# include <krb5.h>
 #endif

 static gss_OID_desc gssapi_oid_spnego =
@@ -310,5 +311,4 @@ int git_http_auth_negotiate(
 	return 0;
 }

-#endif /* GIT_GSSAPI */
-
+#endif /* GIT_AUTH_NEGOTIATE_GSS... */
--- a/src/libgit2/transports/auth_negotiate.h
+++ b/src/libgit2/transports/auth_negotiate.h
@@ -12,7 +12,7 @@
 #include "git2.h"
 #include "auth.h"

-#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32)
+#ifdef GIT_AUTH_NEGOTIATE

 extern int git_http_auth_negotiate(
 	git_http_auth_context **out,
@@ -22,6 +22,6 @@ extern int git_http_auth_negotiate(

 #define git_http_auth_negotiate git_http_auth_dummy

-#endif /* GIT_GSSAPI */
+#endif /* GIT_AUTH_NEGOTIATE */

 #endif
--- a/src/util/git2_features.h.in
+++ b/src/util/git2_features.h.in
@@ -40,8 +40,10 @@
 #cmakedefine GIT_AUTH_NTLM_BUILTIN 1
 #cmakedefine GIT_AUTH_NTLM_SSPI 1

-#cmakedefine GIT_GSSAPI 1
-#cmakedefine GIT_GSSFRAMEWORK 1
+#cmakedefine GIT_AUTH_NEGOTIATE 1
+#cmakedefine GIT_AUTH_NEGOTIATE_GSSFRAMEWORK 1
+#cmakedefine GIT_AUTH_NEGOTIATE_GSSAPI 1
+#cmakedefine GIT_AUTH_NEGOTIATE_SSPI 1

 #cmakedefine GIT_WINHTTP 1
 #cmakedefine GIT_HTTPS 1
--- a/tests/libgit2/core/features.c
+++ b/tests/libgit2/core/features.c
@@ -36,7 +36,7 @@ void test_core_features__basic(void)
 #if defined(GIT_AUTH_NTLM)
 	cl_assert((caps & GIT_FEATURE_AUTH_NTLM) != 0);
 #endif
-#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32)
+#if defined(GIT_AUTH_NEGOTIATE)
 	cl_assert((caps & GIT_FEATURE_AUTH_NEGOTIATE) != 0);
 #endif

@@ -174,10 +174,14 @@ void test_core_features__backends(void)
 	cl_assert(ntlm == NULL);
 #endif

-#if defined(GIT_GSSAPI)
+#if defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK)
+	cl_assert_equal_s("gssframework", negotiate);
+#elif defined(GIT_AUTH_NEGOTIATE_GSSAPI)
 	cl_assert_equal_s("gssapi", negotiate);
-#elif defined(GIT_WIN32)
+#elif defined(GIT_AUTH_NEGOTIATE_SSPI)
 	cl_assert_equal_s("sspi", negotiate);
+#elif defined(GIT_AUTH_NEGOTIATE)
+	cl_assert(0);
 #else
 	cl_assert(negotiate == NULL);
 #endif