diff -rubwBEN squid-2/configure.in squid-2-fix/configure.in --- squid-2/configure.in 2009-08-02 12:55:31.000000000 +0100 +++ squid-2-fix/configure.in 2009-08-03 11:38:58.000000000 +0100 @@ -1588,6 +1588,7 @@ AC_SUBST(KRB5INCS) AC_SUBST(KRB5LIBS) fi +AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" ) dnl Enable "NTLM fail open" AC_ARG_ENABLE(ntlm-fail-open, diff -rubwBEN squid-2/helpers/negotiate_auth/squid_kerb_auth/Makefile.am squid-2-fix/helpers/negotiate_auth/squid_kerb_auth/Makefile.am --- squid-2/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2008-07-29 20:01:16.000000000 +0100 +++ squid-2-fix/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-08-03 11:45:26.000000000 +0100 @@ -10,18 +10,17 @@ SOURCE = squid_kerb_auth.c base64.c base64.h EXTRA_DIST = readme.txt do.sh +if HAVE_SPNEGO +squid_kerb_auth_SOURCES = $(SOURCE) +else squid_kerb_auth_SOURCES = $(SOURCE) $(SPNEGO) +endif -CPPFLAGS = $(KERBINC) -I$(srcdir)/spnegohelp -I. +AM_CPPFLAGS = $(KERBINCS) -I$(srcdir)/spnegohelp -I. #-I$(top_srcdir)/include -I$(top_srcdir)/src LDADD = $(KERBLIBS) #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS) -# HEIMDAL -#KERBINC = -DHEIMDAL -I/usr/include/heimdal -#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken - # MIT -KERBINC = -KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err - +KERBINCS = @KRB5INCS@ +KERBLIBS = @KRB5LIBS@ diff -rubwBEN squid-2/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c squid-2-fix/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c --- squid-2/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2009-08-02 12:55:32.000000000 +0100 +++ squid-2-fix/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2009-08-03 12:06:39.000000000 +0100 @@ -24,6 +24,7 @@ /* * Hosted at http://sourceforge.net/projects/squidkerbauth */ +#include "config.h" #include #include #include @@ -37,28 +38,39 @@ #include "spnegohelp.h" #endif +// AYJ: must match the definition in src/auth/negotiate/auth_negotiate.cc +#define MAX_AUTHTOKEN_LEN 32768 + +// AYJ: match define in include/rfc2181.h #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 256 #endif #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN HOST_NAME_MAX #endif -#ifndef MAX_AUTHTOKEN_LEN -#define MAX_AUTHTOKEN_LEN 65535 -#endif #define PROGRAM "squid_kerb_auth" -#ifdef HEIMDAL +#ifdef HAVE_HEIMDAL_KERBEROS +#ifdef HAVE_GSSAPI_GSSAPI_H +#include +#elif defined(HAVE_GSSAPI_H) #include +#endif #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #else +#ifdef HAVE_GSSAPI_GSSAPI_H #include -#ifndef SOLARIS_11 +#elif defined(HAVE_GSSAPI_H) +#include +#endif +#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H +#include +#endif +#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H #include -#else -#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #endif +#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE #endif #include @@ -114,7 +126,7 @@ } freeaddrinfo(hres); - hostname[MAXHOSTNAMELEN]='\0'; + hostname[MAXHOSTNAMELEN-1]='\0'; return(strdup(hostname)); } @@ -183,7 +194,7 @@ char *user=NULL; int length=0; static int err=0; - int opt, rc, debug=0, loging=0; + int opt, debug=0, loging=0; OM_uint32 ret_flags=0, spnego_flag=0; char *service_name=(char *)"HTTP",*host_name=NULL; char *token = NULL; @@ -198,7 +209,10 @@ gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; const unsigned char *kerberosToken = NULL; +#ifndef HAVE_SPNEGO + int rc; size_t kerberosTokenLength = 0; +#endif const unsigned char *spnegoToken = NULL ; size_t spnegoTokenLength = 0;