Start adding GSSAPI support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 19, 2014
1 parent da43d43 commit 20ef463
Showing 4 changed files with 32 additions and 3 deletions.
9 changes: 6 additions & 3 deletions Makefile.am
@@ -20,11 +20,14 @@ openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL

library_srcs = ssl.c http.c auth.c library.c compat.c dtls.c cstp.c \
mainloop.c script.c ntlm.c
if OPENCONNECT_GSSAPI
library_srcs += gssapi.c
endif
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c

POTFILES = $(openconnect_SOURCES) $(lib_srcs_openssl) $(lib_srcs_gnutls) \
$(library_srcs) tun-win32.c tun.c
$(library_srcs) tun-win32.c tun.c gssapi.c

if OPENCONNECT_GNUTLS
library_srcs += $(lib_srcs_gnutls)
@@ -38,8 +41,8 @@ else
library_srcs += tun.c
endif
libopenconnect_la_SOURCES = version.c $(library_srcs)
libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS)
libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS) $(GSSAPI_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS) $(GSSAPI_LIBS)
if OPENBSD_LIBTOOL
# OpenBSD's libtool doesn't have -version-number, but its -version-info arg
# does what GNU libtool's -version-number does. Which arguably is what the
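Review bot: `gssapi.c` is added to `library_srcs` (under `OPENCONNECT_GSSAPI`) and unconditionally to `POTFILES`, but the page lists only four changed files and `gssapi.c` is not one of them. Unless that file already exists in the tree, any build where `krb5-config` is found will stop on a missing source, and whatever consumes `POTFILES` for translation extraction is likely to trip over it as well. The source file should arrive in the same commit as the rules that reference it, or the `library_srcs += gssapi.c` line should wait for the commit that adds it.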
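--- a/configure.ac
+++ b/configure.ac
@@ -584,6 +584,23 @@ AS_IF([test "x$with_liboath" != "xno"], [
 liboath_pkg=no)
 ])
 
+have_gssapi=no
+AC_ARG_WITH([gssapi],
+AS_HELP_STRING([--without-gssapi],
+[Build without GSSAPI support [default=auto]]))
+AS_IF([test "x$with_gssapi" != "xno"], [
+AC_PATH_PROG([KRB5_CONFIG], krb5-config, [], $PATH:/usr/kerberos/bin)
+if test "$KRB5_CONFIG" != ""; then
+have_gssapi=yes
+GSSAPI_LIBS="`${KRB5_CONFIG} --libs gssapi`"
+GSSAPI_CFLAGS="`${KRB5_CONFIG} --cflags gssapi`"
+AC_SUBST(GSSAPI_CFLAGS)
+AC_SUBST(GSSAPI_LIBS)
+AC_DEFINE([HAVE_GSSAPI], 1)
+fi
+])
+AM_CONDITIONAL(OPENCONNECT_GSSAPI, [test "$have_gssapi" = "yes"])
+
 AC_ARG_WITH([java],
 AS_HELP_STRING([--with-java(=DIR)],
 [Build JNI bindings using jni.h from DIR [default=no]]),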
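Review bot: `have_gssapi=yes` is set as soon as `krb5-config` is found, without checking that `krb5-config --libs gssapi` succeeded or that the reported flags compile and link. A broken or partial Kerberos install would therefore define `HAVE_GSSAPI` and fail later in the build. A link test against `gss_init_sec_context` with the collected `GSSAPI_CFLAGS`/`GSSAPI_LIBS` before setting `have_gssapi=yes` would catch that at configure time. In the other direction, an explicit `--with-gssapi` silently yields a build without GSSAPI proxy authentication when the tool is missing; `AC_MSG_ERROR([GSSAPI requested but krb5-config not found])` under `test "x$with_gssapi" = "xyes"` would make that visible to whoever packages the client.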
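--- a/http.c
+++ b/http.c
@@ -1587,6 +1587,12 @@ void buf_append_base64(struct oc_text_buf *buf, const void *bytes, int len)
 /* Generate Proxy-Authorization: header for request if appropriate */
 static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf)
 {
+#ifdef HAVE_GSSAPI
+if (vpninfo->gssapi_auth.state > AUTH_UNSEEN &&
+!gssapi_authorization(vpninfo, buf))
+return 0;
+#endif
+
 if (vpninfo->ntlm_auth.state > AUTH_UNSEEN &&
 !ntlm_authorization(vpninfo, buf))
 return 0;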
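Review bot: When `gssapi_authorization()` returns non-zero the code falls straight through to the NTLM attempt, so a GSSAPI failure silently becomes an NTLM exchange with the proxy and nothing in the hunk records that the preferred mechanism was skipped. Since the proxy decides which schemes it offers, that fallback is worth making explicit and observable. I would add a comment above the `#ifdef`, such as `/* Mechanisms are tried in order of preference; a non-zero return means "not usable", so fall through to the next one */`, and a debug-level log line on the fallthrough path. The meaning of the return value is inferred from the `!gssapi_authorization(...)` test, and the body of `proxy_authorization()` continues past the end of the hunk, so any later fallbacks are not visible here.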
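--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -581,6 +581,9 @@ int internal_parse_url(char *url, char **res_proto, char **res_host,
 /* ntlm.c */
 int ntlm_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
 
+/* gssapi.c */
+int gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
+
 /* ssl_ui.c */
 int set_openssl_ui(void);
 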
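Review bot: Only the prototype is added to this header, yet the http.c change in the same commit reads `vpninfo->gssapi_auth.state`, and no visible hunk adds a `gssapi_auth` member to `struct openconnect_info`. Unless that member already exists outside the lines shown, a build with `HAVE_GSSAPI` defined will not compile. If it is missing, it should be declared next to `ntlm_auth` with the same state type, so that the `> AUTH_UNSEEN` comparison means the same thing for both mechanisms. A one-line comment on the prototype stating the return convention (0 when a header was appended, non-zero otherwise, as the caller's `!gssapi_authorization(...)` test suggests) would also help the next reader.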
