Commit 20ef4632 authored by David Woodhouse's avatar David Woodhouse

Start adding GSSAPI support

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent da43d436
......@@ -20,11 +20,14 @@ openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL
library_srcs = ssl.c http.c auth.c library.c compat.c dtls.c cstp.c \
mainloop.c script.c ntlm.c
if OPENCONNECT_GSSAPI
library_srcs += gssapi.c
endif
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c
POTFILES = $(openconnect_SOURCES) $(lib_srcs_openssl) $(lib_srcs_gnutls) \
$(library_srcs) tun-win32.c tun.c
$(library_srcs) tun-win32.c tun.c gssapi.c
if OPENCONNECT_GNUTLS
library_srcs += $(lib_srcs_gnutls)
......@@ -38,8 +41,8 @@ else
library_srcs += tun.c
endif
libopenconnect_la_SOURCES = version.c $(library_srcs)
libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS)
libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS) $(GSSAPI_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS) $(GSSAPI_LIBS)
if OPENBSD_LIBTOOL
# OpenBSD's libtool doesn't have -version-number, but its -version-info arg
# does what GNU libtool's -version-number does. Which arguably is what the
......
......@@ -584,6 +584,23 @@ AS_IF([test "x$with_liboath" != "xno"], [
liboath_pkg=no)
])
have_gssapi=no
AC_ARG_WITH([gssapi],
AS_HELP_STRING([--without-gssapi],
[Build without GSSAPI support [default=auto]]))
AS_IF([test "x$with_gssapi" != "xno"], [
AC_PATH_PROG([KRB5_CONFIG], krb5-config, [], $PATH:/usr/kerberos/bin)
if test "$KRB5_CONFIG" != ""; then
have_gssapi=yes
GSSAPI_LIBS="`${KRB5_CONFIG} --libs gssapi`"
GSSAPI_CFLAGS="`${KRB5_CONFIG} --cflags gssapi`"
AC_SUBST(GSSAPI_CFLAGS)
AC_SUBST(GSSAPI_LIBS)
AC_DEFINE([HAVE_GSSAPI], 1)
fi
])
AM_CONDITIONAL(OPENCONNECT_GSSAPI, [test "$have_gssapi" = "yes"])
AC_ARG_WITH([java],
AS_HELP_STRING([--with-java(=DIR)],
[Build JNI bindings using jni.h from DIR [default=no]]),
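Review bot: When krb5-config is not found, the `AS_IF` body leaves `have_gssapi=no` without any message, so an explicit `--with-gssapi` yields a build that silently lacks GSSAPI proxy authentication. Add a branch to the `if test "$KRB5_CONFIG" != ""` block: `elif test "x$with_gssapi" = "xyes"; then AC_MSG_ERROR([GSSAPI requested but krb5-config not found])`. Finding krb5-config also does not show that the GSSAPI headers and library are usable, so a header or link check with the reported flags before `have_gssapi=yes` would catch a broken install at configure time rather than at compile time. If config.h is generated by autoheader, `AC_DEFINE([HAVE_GSSAPI], 1)` also needs a third description argument.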
......
......@@ -1587,6 +1587,12 @@ void buf_append_base64(struct oc_text_buf *buf, const void *bytes, int len)
/* Generate Proxy-Authorization: header for request if appropriate */
static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf)
{
#ifdef HAVE_GSSAPI
if (vpninfo->gssapi_auth.state > AUTH_UNSEEN &&
!gssapi_authorization(vpninfo, buf))
return 0;
#endif
if (vpninfo->ntlm_auth.state > AUTH_UNSEEN &&
!ntlm_authorization(vpninfo, buf))
return 0;
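Review bot: In the new `#ifdef HAVE_GSSAPI` block, a non-zero return from gssapi_authorization() drops straight into the NTLM attempt, so a GSSAPI failure becomes a fallback to a generally weaker scheme with nothing in these lines recording it. The ordering looks deliberate, but it deserves a comment such as `/* Prefer GSSAPI; on failure fall through to the next scheme the proxy offered */`. gssapi_authorization() is not shown on this page; it should log why it gave up so the downgrade is visible to whoever debugs a proxy login. The block also reads `vpninfo->gssapi_auth`, whose declaration is not in the visible hunks, as the header section shows only the prototype. proxy_authorization() continues past the end of this hunk.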
......
......@@ -581,6 +581,9 @@ int internal_parse_url(char *url, char **res_proto, char **res_host,
/* ntlm.c */
int ntlm_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
/* gssapi.c */
int gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
/* ssl_ui.c */
int set_openssl_ui(void);
......