HTTP_AUTH_KRB5 option is not fully implemented. This patch makes it build with security/krb5 and security/heimdal

PR:		226044
Reviewed by:	brnrd
Differential Revision:	https://reviews.freebsd.org/D14973

4 files changed, 31 insertions, 12 deletions

diff --git a/www/nginx/Makefile b/www/nginx/Makefile
index f841e14e487c..c3f9bf4fb71e 100644
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@@ -71,7 +71,7 @@ OPTIONS_GROUP_HTTPGRP=	GOOGLE_PERFTOOLS HTTP HTTP_ADDITION HTTP_AUTH_REQ \
 	HTTP_REWRITE HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL HTTP_STATUS HTTP_SUB \
 	HTTP_XSLT HTTPV2 STREAM STREAM_SSL STREAM_SSL_PREREAD
 # External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_HTTPGRP+=	AJP  AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
+OPTIONS_GROUP_HTTPGRP+=	AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
 	ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION FASTDFS FORMINPUT \
 	GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST HTTP_AUTH_KRB5 \
 	HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL HTTP_FANCYINDEX \
@@ -84,12 +84,19 @@ OPTIONS_GROUP_HTTPGRP+=	AJP  AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
 	SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SMALL_LIGHT SRCACHE XSS
 OPTIONS_GROUP_MAILGRP=	MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL
 OPTIONS_DEFINE=	DEBUG DEBUGLOG DSO FILE_AIO IPV6 THREADS WWW
-OPTIONS_DEFAULT?=DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \
+OPTIONS_DEFAULT?=	DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \
 		HTTP_DAV HTTP_FLV HTTP_GZIP_STATIC HTTP_GUNZIP_FILTER \
 		HTTP_MP4 HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK \
 		HTTP_SLICE HTTP_REWRITE HTTP_SSL HTTP_STATUS HTTP_SUB \
 		HTTPV2 MAIL MAIL_SSL STREAM STREAM_SSL STREAM_SSL_PREREAD \
 		THREADS WWW
+
+OPTIONS_RADIO+=		GSSAPI
+OPTIONS_RADIO_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+GSSAPI_BASE_USES=	gssapi
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal,flags
+GSSAPI_MIT_USES=	gssapi:mit
+
 OPTIONS_SUB=	yes
 
 .include "Makefile.options.desc"
@@ -102,6 +109,10 @@ ${opt}_IMPLIES=	MAIL
 ${opt}_IMPLIES=	HTTP
 .endfor
 
+GSSAPI_BASE_IMPLIES=	HTTP_AUTH_KRB5
+GSSAPI_HEIMDAL_IMPLIES=	HTTP_AUTH_KRB5
+GSSAPI_MIT_IMPLIES=	HTTP_AUTH_KRB5
+
 # If the target is makesum, make sure that every distfile is fetched.
 .if ${.TARGETS:Mmakesum}
 OPTIONS_DEFAULT=	${OPTIONS_DEFINE} ${OPTIONS_GROUP_HTTP} ${OPTIONS_GROUP_MAIL}
diff --git a/www/nginx/Makefile.extmod b/www/nginx/Makefile.extmod
index cf951f7a5466..f6ef8b48d93b 100644
--- a/www/nginx/Makefile.extmod
+++ b/www/nginx/Makefile.extmod
@@ -83,11 +83,7 @@ HTTP_AUTH_DIGEST_VARS=		DSO_EXTMODS+=auth_digest
 
 HTTP_AUTH_KRB5_GH_TUPLE=	stnoonan:spnego-http-auth-nginx-module:7e028a5:auth_krb5
 HTTP_AUTH_KRB5_VARS=		DSO_EXTMODS+=auth_krb5
-#HTTP_AUTH_KRB5_EXTRA_PATCHES=${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config
-#OPTIONS_RADIO+=		GSSAPI
-#OPTIONS_RADIO_GSSAPI+=	GSSAPI_HEIMDAL GSSAPI_MIT
-#GSSAPI_HEIMDAL_USES=	gssapi:heimdal,flags
-#GSSAPI_MIT_USES=	gssapi:mit
+HTTP_AUTH_KRB5_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config
 
 HTTP_AUTH_LDAP_GH_TUPLE=	kvspb:nginx-auth-ldap:42d195d:http_auth_ldap
 HTTP_AUTH_LDAP_VARS=		DSO_EXTMODS+=http_auth_ldap
diff --git a/www/nginx/Makefile.options.desc b/www/nginx/Makefile.options.desc
index 6021e5d6a1a3..4da7484c66ca 100644
--- a/www/nginx/Makefile.options.desc
+++ b/www/nginx/Makefile.options.desc
@@ -20,6 +20,7 @@ FILE_AIO_DESC=			Enable file aio
 FORMINPUT_DESC=			3rd party form_input module
 GOOGLE_PERFTOOLS_DESC=		Enable google perftools module
 GRIDFS_DESC=			3rd party gridfs module
+GSSAPI_DESC=			GSSAPI implementation (imply HTTP_AUTH_KRB5)
 HEADERS_MORE_DESC=		3rd party headers_more module
 HTTPGRP_DESC=			Modules that require HTTP module
 HTTPV2_DESC=			Enable HTTP/2 protocol support (SSL req.)
diff --git a/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config b/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config
index 5f8d7523c16e..37543286589a 100644
--- a/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config
+++ b/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config
@@ -1,9 +1,20 @@
 --- ../spnego-http-auth-nginx-module-0c6ff3f/config.orig	2017-04-15 13:07:01.159506000 -0400
-+++ ../spnego-http-auth-nginx-module-0c6ff3f/config	2017-04-15 13:07:36.283398000 -0400
-@@ -1,5 +1,5 @@
++++ ../spnego-http-auth-nginx-module-7e028a5/config	2018-04-20 00:15:08.515289000 +0200
+@@ -1,9 +1,6 @@
  ngx_addon_name=ngx_http_auth_spnego_module
 -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err"
-+ngx_feature_libs="%%GSSAPILIBS%% -lcom_err"
+-
+-if uname -o | grep -q FreeBSD; then
+-    ngx_feature_libs="$ngx_feature_libs -lgssapi"
+-fi
++ngx_feature_libs="%%GSSAPILIBS%%"
++ngx_module_incs="%%GSSAPINCDIR%%"
  
- if uname -o | grep -q FreeBSD; then
-     ngx_feature_libs="$ngx_feature_libs -lgssapi"
+ if test -n "$ngx_module_link"; then
+     ngx_module_type=HTTP
+@@ -16,3 +13,5 @@ else
+     NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c"
+     CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
+ fi
++
++LDFLAGS="-L%%GSSAPILIBDIR%% $LDFLAGS"