Skip to content

kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions #18978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vszakats wants to merge 4 commits into from
Closed

kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions #18978

vszakats wants to merge 4 commits into from

Conversation

@vszakats
Copy link
Member

@vszakats vszakats commented Oct 9, 2025
edited
Loading

curl requires 1.2.4 or newer.

Also:

  • vms: stop defining gss_nt_service_name. Added in
    f9cf3de, symbol not used in curl code
    since 355bf01.

@vszakats vszakats changed the title kerberos: drop logic for MIT Kerberos <1.2 (pre-2002) versions kerberos: drop logic for MIT Kerberos <1.2.4 (pre-2002) versions Oct 9, 2025
@vszakats vszakats changed the title kerberos: drop logic for MIT Kerberos <1.2.4 (pre-2002) versions kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions Oct 9, 2025
@vszakats vszakats marked this pull request as draft October 9, 2025 19:17
@vszakats
Copy link
Member Author

vszakats commented Oct 9, 2025
edited
Loading

I accidentally deleted the detection of HAVE_GSSAPI_GSSAPI_H and HAVE_GSSAPI_GSSAPI_GENERIC_H in cmake. It had no adverse effect, with the CI-tested versions of 1.15+.

So far it looks like the raw gssapi.h header is a legacy (redirecting to the new header). gssapi/gssapi.h is the new style which received support in curl in 2004. Then, a check for gssapi/gssapi_generic.h is used to detect the MIT implementation (vs. Heimdal, which misses this header). This check has been added to curl in 2008. gssapi/gssapi_generic.h contains legacy stuff, that's no longer use by curl (though curl still includes it when detected). In the past it used gss_nt_service_name from it, with an apparently obsolete line still defining in the VMS code.

(curl replaced (355bf01) the last gss_nt_service_name with GSS_C_NT_HOSTBASED_SERVICE, which was available since Kerberos 1.2.3.)

While investigating I'll restore these detections to cmake, and tackle the rest in a follow-up PR.

@vszakats
cmake: keep two header checks for now
c780d88 
The code uses them, autotools defines them.
Having another look whether they are still necessary or useful.
@vszakats
vms: stop defining gss_nt_service_name, no longer used in curl
a49998d 
355bf01
f9cf3de
@vszakats
fixup
697707b
@vszakats vszakats marked this pull request as ready for review October 9, 2025 22:19
@vszakats vszakats closed this in 0d560d0 Oct 10, 2025
@vszakats vszakats deleted the krbold1 branch October 10, 2025 00:08
@vszakats vszakats mentioned this pull request Oct 10, 2025
Closed
vszakats added a commit that referenced this pull request Oct 10, 2025
@vszakats
kerberos: stop including gssapi/gssapi_generic.h
e5950b2 
It's a legacy MIT Kerberos header that's no longer used by curl since:
355bf01 (2015-01-09)

There were still mentions of it after this patch, when using versions
<1.2.3, but those versions aren't supported since:
9918541 (2008-06-12)

This header remains in use by autotools and cmake to detect MIT Kerberos
(vs. Heimdal, which doesn't have it.)

Ref: #18978 (comment)

Closes #18990
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bagder bagder bagder approved these changes

Assignees

No one assigned

Labels

authentication build tidy-up

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vszakats @bagder