diff --git a/CMakeLists.txt b/CMakeLists.txt index 33a392c63..04dab76e7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,9 +34,9 @@ option(USE_NSEC "Support nanosecond precision file mtimes and cti set(USE_HTTPS "" CACHE STRING "Enable HTTPS support and optionally selects the provider. One of ON, OFF, or a specific provider: OpenSSL, OpenSSL-FIPS, OpenSSL-Dynamic, mbedTLS, SecureTransport, Schannel, or WinHTTP. (Defaults to ON.)") set(USE_SHA1 "" CACHE STRING "Selects SHA1 provider. One of builtin, HTTPS, or a specific provider. (Defaults to builtin.)") set(USE_SHA256 "" CACHE STRING "Selects SHA256 provider. One of Builtin, HTTPS, or a specific provider. (Defaults to HTTPS.)") -option(USE_GSSAPI "Enable SPNEGO authentication using GSSAPI" OFF) set(USE_HTTP_PARSER "" CACHE STRING "Selects HTTP Parser support: http-parser, llhttp, or builtin. (Defaults to builtin.)") set(USE_AUTH_NTLM "" CACHE STRING "Enables NTLM authentication support. One of Builtin or win32.") + set(USE_AUTH_NEGOTIATE "" CACHE STRING "Enable Negotiate (SPNEGO) authentication support. One of GSSAPI or win32.") # set(USE_XDIFF "" CACHE STRING "Specifies the xdiff implementation; either system or builtin.") set(USE_REGEX "" CACHE STRING "Selects regex provider. One of regcomp_l, pcre2, pcre, regcomp, or builtin.") set(USE_COMPRESSION "" CACHE STRING "Selects compression backend. Either builtin or zlib.") diff --git a/cmake/SelectAuthNegotiate.cmake b/cmake/SelectAuthNegotiate.cmake new file mode 100644 index 000000000..3615571bc --- /dev/null +++ b/cmake/SelectAuthNegotiate.cmake @@ -0,0 +1,61 @@ +include(SanitizeBool) + +find_package(GSSAPI) + +if(CMAKE_SYSTEM_NAME MATCHES "Darwin" OR CMAKE_SYSTEM_NAME MATCHES "iOS") + include(FindGSSFramework) +endif() + +if(USE_AUTH_NEGOTIATE STREQUAL "" AND NOT USE_GSSAPI STREQUAL "") + sanitizebool(USE_GSSAPI) + set(USE_AUTH_NEGOTIATE "${USE_GSSAPI}") +endif() + +sanitizebool(USE_AUTH_NEGOTIATE) + +if((USE_AUTH_NEGOTIATE STREQUAL ON OR USE_AUTH_NEGOTIATE STREQUAL "") AND GSSFRAMEWORK_FOUND) + set(USE_AUTH_NEGOTIATE "GSS.framework") +elseif((USE_AUTH_NEGOTIATE STREQUAL ON OR USE_AUTH_NEGOTIATE STREQUAL "") AND GSSAPI_FOUND) + set(USE_AUTH_NEGOTIATE "gssapi") +elseif((USE_AUTH_NEGOTIATE STREQUAL ON OR USE_AUTH_NEGOTIATE STREQUAL "") AND WIN32) + set(USE_AUTH_NEGOTIATE "sspi") +elseif(USE_AUTH_NEGOTIATE STREQUAL "") + set(USE_AUTH_NEGOTIATE OFF) +elseif(USE_AUTH_NEGOTIATE STREQUAL ON) + message(FATAL_ERROR "negotiate support was requested but no backend is available") +endif() + +if(USE_AUTH_NEGOTIATE STREQUAL "GSS.framework") + if(NOT GSSFRAMEWORK_FOUND) + message(FATAL_ERROR "GSS.framework could not be found") + endif() + + list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSFRAMEWORK_LIBRARIES}) + + set(GIT_AUTH_NEGOTIATE 1) + set(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK 1) + add_feature_info("Negotiate authentication" ON "using GSS.framework") +elseif(USE_AUTH_NEGOTIATE STREQUAL "gssapi") + if(NOT GSSAPI_FOUND) + message(FATAL_ERROR "GSSAPI could not be found") + endif() + + list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSAPI_LIBRARIES}) + + set(GIT_AUTH_NEGOTIATE 1) + set(GIT_AUTH_NEGOTIATE_GSSAPI 1) + add_feature_info("Negotiate authentication" ON "using GSSAPI") +elseif(USE_AUTH_NEGOTIATE STREQUAL "sspi") + if(NOT WIN32) + message(FATAL_ERROR "SSPI is only available on Win32") + endif() + + set(GIT_AUTH_NEGOTIATE 1) + set(GIT_AUTH_NEGOTIATE_SSPI 1) + add_feature_info("Negotiate authentication" ON "using Win32 SSPI") +elseif(USE_AUTH_NEGOTIATE STREQUAL OFF) + set(GIT_AUTH_NEGOTIATE 0) + add_feature_info("Negotiate authentication" OFF "SPNEGO support is disabled") +else() + message(FATAL_ERROR "unknown negotiate option: ${USE_AUTH_NEGOTIATE}") +endif() diff --git a/cmake/SelectGSSAPI.cmake b/cmake/SelectGSSAPI.cmake deleted file mode 100644 index 829850a4d..000000000 --- a/cmake/SelectGSSAPI.cmake +++ /dev/null @@ -1,48 +0,0 @@ -include(SanitizeBool) - -# We try to find any packages our backends might use -find_package(GSSAPI) -if(CMAKE_SYSTEM_NAME MATCHES "Darwin" OR CMAKE_SYSTEM_NAME MATCHES "iOS") - include(FindGSSFramework) -endif() - -if(USE_GSSAPI) - # Auto-select GSS backend - sanitizebool(USE_GSSAPI) - if(USE_GSSAPI STREQUAL ON) - if(GSSFRAMEWORK_FOUND) - set(USE_GSSAPI "GSS.framework") - elseif(GSSAPI_FOUND) - set(USE_GSSAPI "gssapi") - else() - message(FATAL_ERROR "Unable to autodetect a usable GSS backend." - "Please pass the backend name explicitly (-DUSE_GSS=backend)") - endif() - endif() - - # Check that we can find what's required for the selected backend - if(USE_GSSAPI STREQUAL "GSS.framework") - if(NOT GSSFRAMEWORK_FOUND) - message(FATAL_ERROR "Asked for GSS.framework backend, but it wasn't found") - endif() - - list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSFRAMEWORK_LIBRARIES}) - - set(GIT_GSSFRAMEWORK 1) - add_feature_info(GSSAPI GIT_GSSFRAMEWORK "GSSAPI support for SPNEGO authentication (${USE_GSSAPI})") - elseif(USE_GSSAPI STREQUAL "gssapi") - if(NOT GSSAPI_FOUND) - message(FATAL_ERROR "Asked for gssapi GSS backend, but it wasn't found") - endif() - - list(APPEND LIBGIT2_SYSTEM_LIBS ${GSSAPI_LIBRARIES}) - - set(GIT_GSSAPI 1) - add_feature_info(GSSAPI GIT_GSSAPI "GSSAPI support for SPNEGO authentication (${USE_GSSAPI})") - else() - message(FATAL_ERROR "Asked for backend ${USE_GSSAPI} but it wasn't found") - endif() -else() - set(GIT_GSSAPI 0) - add_feature_info(GSSAPI NO "GSSAPI support for SPNEGO authentication") -endif() diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 02895f980..d6e6cf542 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -36,7 +36,6 @@ add_feature_info(debugopen GIT_DEBUG_STRICT_OPEN "path validation in open") # Optional feature enablement # -include(SelectGSSAPI) include(SelectHTTPSBackend) include(SelectHashes) include(SelectHTTPParser) @@ -46,6 +45,7 @@ include(SelectSSH) include(SelectCompression) include(SelectI18n) include(SelectAuthNTLM) +include(SelectAuthNegotiate) # # Platform support diff --git a/src/libgit2/libgit2.c b/src/libgit2/libgit2.c index f51dce3e0..537a839a1 100644 --- a/src/libgit2/libgit2.c +++ b/src/libgit2/libgit2.c @@ -101,7 +101,7 @@ int git_libgit2_features(void) #if defined(GIT_AUTH_NTLM) | GIT_FEATURE_AUTH_NTLM #endif -#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32) +#if defined(GIT_AUTH_NEGOTIATE) | GIT_FEATURE_AUTH_NEGOTIATE #endif | GIT_FEATURE_COMPRESSION @@ -210,10 +210,14 @@ const char *git_libgit2_feature_backend(git_feature_t feature) break; case GIT_FEATURE_AUTH_NEGOTIATE: -#if defined(GIT_GSSAPI) +#if defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK) + return "gssframework"; +#elif defined(GIT_AUTH_NEGOTIATE_GSSAPI) return "gssapi"; -#elif defined(GIT_WIN32) +#elif defined(GIT_AUTH_NEGOTIATE_SSPI) return "sspi"; +#elif defined(GIT_AUTH_NEGOTIATE) + GIT_ASSERT_WITH_RETVAL(!"Unknown Negotiate backend", NULL); #endif break; diff --git a/src/libgit2/transports/auth_gssapi.c b/src/libgit2/transports/auth_gssapi.c index 500553841..647f3ce3f 100644 --- a/src/libgit2/transports/auth_gssapi.c +++ b/src/libgit2/transports/auth_gssapi.c @@ -7,17 +7,18 @@ #include "auth_negotiate.h" -#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) +#if defined(GIT_AUTH_NEGOTIATE_GSSAPI) || \ + defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK) #include "git2.h" #include "auth.h" #include "git2/sys/credential.h" -#ifdef GIT_GSSFRAMEWORK -#import -#elif defined(GIT_GSSAPI) -#include -#include +#if defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK) +# import +#elif defined(GIT_AUTH_NEGOTIATE_GSSAPI) +# include +# include #endif static gss_OID_desc gssapi_oid_spnego = @@ -310,5 +311,4 @@ int git_http_auth_negotiate( return 0; } -#endif /* GIT_GSSAPI */ - +#endif /* GIT_AUTH_NEGOTIATE_GSS... */ diff --git a/src/libgit2/transports/auth_negotiate.h b/src/libgit2/transports/auth_negotiate.h index 4360785c5..e528b402a 100644 --- a/src/libgit2/transports/auth_negotiate.h +++ b/src/libgit2/transports/auth_negotiate.h @@ -12,7 +12,7 @@ #include "git2.h" #include "auth.h" -#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32) +#ifdef GIT_AUTH_NEGOTIATE extern int git_http_auth_negotiate( git_http_auth_context **out, @@ -22,6 +22,6 @@ extern int git_http_auth_negotiate( #define git_http_auth_negotiate git_http_auth_dummy -#endif /* GIT_GSSAPI */ +#endif /* GIT_AUTH_NEGOTIATE */ #endif diff --git a/src/util/git2_features.h.in b/src/util/git2_features.h.in index 27c2f688f..a5cf6a9e0 100644 --- a/src/util/git2_features.h.in +++ b/src/util/git2_features.h.in @@ -40,8 +40,10 @@ #cmakedefine GIT_AUTH_NTLM_BUILTIN 1 #cmakedefine GIT_AUTH_NTLM_SSPI 1 -#cmakedefine GIT_GSSAPI 1 -#cmakedefine GIT_GSSFRAMEWORK 1 +#cmakedefine GIT_AUTH_NEGOTIATE 1 +#cmakedefine GIT_AUTH_NEGOTIATE_GSSFRAMEWORK 1 +#cmakedefine GIT_AUTH_NEGOTIATE_GSSAPI 1 +#cmakedefine GIT_AUTH_NEGOTIATE_SSPI 1 #cmakedefine GIT_WINHTTP 1 #cmakedefine GIT_HTTPS 1 diff --git a/tests/libgit2/core/features.c b/tests/libgit2/core/features.c index 26e3e51b1..9eaa9f350 100644 --- a/tests/libgit2/core/features.c +++ b/tests/libgit2/core/features.c @@ -36,7 +36,7 @@ void test_core_features__basic(void) #if defined(GIT_AUTH_NTLM) cl_assert((caps & GIT_FEATURE_AUTH_NTLM) != 0); #endif -#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32) +#if defined(GIT_AUTH_NEGOTIATE) cl_assert((caps & GIT_FEATURE_AUTH_NEGOTIATE) != 0); #endif @@ -174,10 +174,14 @@ void test_core_features__backends(void) cl_assert(ntlm == NULL); #endif -#if defined(GIT_GSSAPI) +#if defined(GIT_AUTH_NEGOTIATE_GSSFRAMEWORK) + cl_assert_equal_s("gssframework", negotiate); +#elif defined(GIT_AUTH_NEGOTIATE_GSSAPI) cl_assert_equal_s("gssapi", negotiate); -#elif defined(GIT_WIN32) +#elif defined(GIT_AUTH_NEGOTIATE_SSPI) cl_assert_equal_s("sspi", negotiate); +#elif defined(GIT_AUTH_NEGOTIATE) + cl_assert(0); #else cl_assert(negotiate == NULL); #endif