svn commit: r253893 - in vendor/serf/dist: . auth buckets build
Peter Wemm
peter at FreeBSD.org
Fri Aug 2 19:12:13 UTC 2013
Author: peter
Date: Fri Aug 2 19:12:12 2013
New Revision: 253893
URL: http://svnweb.freebsd.org/changeset/base/253893
Log:
Import serf-1.3.0
Added:
vendor/serf/dist/SConstruct
vendor/serf/dist/auth/auth_spnego.c
vendor/serf/dist/auth/auth_spnego.h
vendor/serf/dist/auth/auth_spnego_gss.c
vendor/serf/dist/auth/auth_spnego_sspi.c
vendor/serf/dist/build/check.py (contents, props changed)
vendor/serf/dist/build/serf.pc.in
Deleted:
vendor/serf/dist/Makefile.in
vendor/serf/dist/auth/auth_kerb.c
vendor/serf/dist/auth/auth_kerb.h
vendor/serf/dist/auth/auth_kerb_gss.c
vendor/serf/dist/auth/auth_kerb_sspi.c
vendor/serf/dist/build/apr_common.m4
vendor/serf/dist/build/config.guess
vendor/serf/dist/build/config.sub
vendor/serf/dist/build/find_apr.m4
vendor/serf/dist/build/find_apu.m4
vendor/serf/dist/build/get-version.sh
vendor/serf/dist/build/install.sh
vendor/serf/dist/build/serf.def
vendor/serf/dist/buildconf
vendor/serf/dist/config.layout
vendor/serf/dist/configure
vendor/serf/dist/configure.in
vendor/serf/dist/serf.mak
vendor/serf/dist/serf.pc.in
vendor/serf/dist/serfmake
Modified:
vendor/serf/dist/CHANGES
vendor/serf/dist/README
vendor/serf/dist/auth/auth.c
vendor/serf/dist/auth/auth.h
vendor/serf/dist/auth/auth_basic.c
vendor/serf/dist/auth/auth_digest.c
vendor/serf/dist/buckets/aggregate_buckets.c
vendor/serf/dist/buckets/buckets.c
vendor/serf/dist/buckets/dechunk_buckets.c
vendor/serf/dist/buckets/headers_buckets.c
vendor/serf/dist/buckets/limit_buckets.c
vendor/serf/dist/buckets/request_buckets.c
vendor/serf/dist/buckets/response_buckets.c
vendor/serf/dist/buckets/simple_buckets.c
vendor/serf/dist/buckets/ssl_buckets.c
vendor/serf/dist/build/gen_def.py
vendor/serf/dist/context.c
vendor/serf/dist/incoming.c
vendor/serf/dist/outgoing.c
vendor/serf/dist/serf.h
vendor/serf/dist/serf_bucket_types.h
vendor/serf/dist/serf_bucket_util.h
vendor/serf/dist/serf_private.h
vendor/serf/dist/ssltunnel.c
Modified: vendor/serf/dist/CHANGES
==============================================================================
--- vendor/serf/dist/CHANGES Fri Aug 2 19:10:46 2013 (r253892)
+++ vendor/serf/dist/CHANGES Fri Aug 2 19:12:12 2013 (r253893)
@@ -1,4 +1,20 @@
-Serf 1.2.1 [2013-06-03, from /tags/1.2.1]
+Serf 1.3.0 [2013-07-23, from /tags/1.3.0]
+ Fix issue 83: use PATH rather than URI within an ssltunnel (r1952)
+ Fix issue 108: improved error reporting from the underlying socket (r1951)
+ NEW: Switch to the SCons build system; retire serfmake, serf.mak, autotools
+ Improved Basic and Digest authentication:
+ - remember credentials on a per-server basis
+ - properly manage authentication realms
+ - continue functioning when a server sets KeepAlive: off
+ Windows: add support for NTLM authentication
+ Improved 2617 compliance: always use strongest authentication (r1968,1971)
+ Fixed bugs with proxy authentication and SSL tunneling through a proxy
+ Fixed bugs the response parser (r2032,r2036)
+ SSL connection performance improvements
+ Huge expansion of the test suite
+
+
+Serf 1.2.1 [2013-06-03, from /tags/1.2.1, r1906]
Fix issue 95: add gssapi switches to configure (r1864, r1900)
Fix issue 97: skip mmap bucket if APR_HAS_MMAP is undefined (r1877)
Fix issue 100: building against an old Windows Platform SDK (r1881)
@@ -19,7 +35,7 @@ Serf 1.2.0 [2013-02-22, from /tags/1.2.0
Fixed issue 93: cleanup-after-fork interferes with parent (r1714)
Fixed most of issue 89: Support REAL SPNEGO authentication
Enable Negotiate/Kerberos support for proxy servers.
- Return error when C-L, chunked, gzip encoded response bodies where
+ Return error when C-L, chunked, gzip encoded response bodies were
truncated (due to aborted connection) (r1688)
Add a logging mechanism that can be enabled at compile-time.
Don't lookup server address if a proxy was configured. (r1706)
Modified: vendor/serf/dist/README
==============================================================================
--- vendor/serf/dist/README Fri Aug 2 19:10:46 2013 (r253892)
+++ vendor/serf/dist/README Fri Aug 2 19:12:12 2013 (r253893)
@@ -14,25 +14,67 @@ kept to a minimum to provide high perfor
----
-Quick guide for the impatient
+1. INSTALL
- (Unix)
- % ./configure
- % make
- % make install
+1.1. SCons build system
-----
+serf uses SCons 2.x for its build system. If it is not installed on
+your system, then you can install it onto your system. If you do not
+have permissions, then you can download and install the "local"
+version into your home directory. When installed privately, simply
+create a symlink for 'scons' in your PATH to /path/to/scons/scons.py.
+
+Fetch the scons-local package:
+ http://prdownloads.sourceforge.net/scons/scons-local-2.0.1.tar.gz
+
+
+1.2 Building serf
+
+To build serf:
+
+$ scons APR=/path/to/apr APU=/path/to/apu OPENSSL=/openssl/base PREFIX=/path/to/prefix
+
+The switches are recorded into .saved_config, so they only need to be
+specified the first time scons is run.
+
+PREFIX should specify where serf should be installed. PREFIX defaults to
+/usr/local.
+
+The default for the other three switches (APR, APU, OPENSSL) is /usr.
+
+The build system looks for apr-1-config at $APR/bin/apr-1-config, or
+the path should indicate apr-1-config itself. Similarly for the path
+to apu-1-config.
+
+OPENSSL should specify the root of the install (eg. /opt/local). The
+includes will be found OPENSSL/include and libraries at OPENSSL/lib.
+
+If you wish to use VPATH-style builds (where objects are created in a
+distinct directory from the source), you can use:
+
+$ scons -Y /path/to/serf/source
+
+At any point, the current settings can be examined:
+
+$ scons --help
+
+
+1.3 Running the test suite
+
+$ scons check
+
+
+1.4 Installing serf
-Building serf from a Subversion checkout (non-packaged releases)
+$ scons install
-We suggest that you try out 'serfmake'.
+Note that the PREFIX variable should have been specified in a previous
+invocation of scons (and saved into .saved_config), or it can be
+specified on the install command line:
- % ./serfmake --prefix=/usr/local/serf --with-apr=/usr/local/apr install
+$ scons PREFIX=/some/path install
-If you want to use the autoconf build system and are using a Subversion
-checkout, you need to run buildconf and have APR and APR-util sources handy.
- % ./buildconf --with-apr=/path/to/apr --with-apr-util=/path/to/apr-util
- (By default, buildconf will look in . and ../ for apr and apr-util.)
+1.4 Cleaning up the build
-Then, you can use ./configure, make, etc.
+$ scons -c
Added: vendor/serf/dist/SConstruct
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor/serf/dist/SConstruct Fri Aug 2 19:12:12 2013 (r253893)
@@ -0,0 +1,438 @@
+# -*- python -*-
+#
+# Copyright 2011-2012 Justin Erenkrantz and Greg Stein
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import sys
+import os
+import re
+
+HEADER_FILES = ['serf.h',
+ 'serf_bucket_types.h',
+ 'serf_bucket_util.h',
+ ]
+
+# where we save the configuration variables
+SAVED_CONFIG = '.saved_config'
+
+# Variable class that does no validation on the input
+def _converter(val):
+ """
+ """
+ if val == 'none':
+ val = []
+ else:
+ val = val.split(',')
+ return val
+
+def RawListVariable(key, help, default):
+ """
+ The input parameters describe a 'raw string list' option. This class
+ accepts a comma separated list and converts it to a space separated
+ list.
+ """
+ return (key, '%s' % (help), default, None, lambda val: _converter(val))
+
+# default directories
+if sys.platform == 'win32':
+ default_libdir='..'
+ default_prefix='Debug'
+else:
+ default_libdir='/usr'
+ default_prefix='/usr/local'
+
+opts = Variables(files=[SAVED_CONFIG])
+opts.AddVariables(
+ PathVariable('PREFIX',
+ 'Directory to install under',
+ default_prefix,
+ PathVariable.PathIsDir),
+ PathVariable('APR',
+ "Path to apr-1-config, or to APR's install area",
+ default_libdir,
+ PathVariable.PathAccept),
+ PathVariable('APU',
+ "Path to apu-1-config, or to APR's install area",
+ default_libdir,
+ PathVariable.PathAccept),
+ PathVariable('OPENSSL',
+ "Path to OpenSSL's install area",
+ default_libdir,
+ PathVariable.PathIsDir),
+ PathVariable('ZLIB',
+ "Path to zlib's install area",
+ default_libdir,
+ PathVariable.PathIsDir),
+ PathVariable('GSSAPI',
+ "Path to GSSAPI's install area",
+ None,
+ None),
+ BoolVariable('DEBUG',
+ "Enable debugging info and strict compile warnings",
+ False),
+ BoolVariable('APR_STATIC',
+ "Enable using a static compiled APR",
+ False),
+ RawListVariable('CC', "Command name or path of the C compiler", None),
+ RawListVariable('CFLAGS', "Extra flags for the C compiler (comma separated)",
+ None),
+ RawListVariable('LIBS', "Extra libraries passed to the linker, "
+ "e.g. -l<library> (comma separated)", None),
+ RawListVariable('LINKFLAGS', "Extra flags for the linker (comma separated)",
+ None),
+ RawListVariable('CPPFLAGS', "Extra flags for the C preprocessor "
+ "(comma separated)", None),
+ )
+
+if sys.platform == 'win32':
+ opts.AddVariables(
+ # By default SCons builds for the host platform on Windows, when using
+ # a supported compiler (E.g. VS2010/VS2012). Allow overriding
+
+ # Note that Scons 1.3 only supports this on Windows and only when
+ # constructing Environment(). Later changes to TARGET_ARCH are ignored
+ EnumVariable('TARGET_ARCH',
+ "Platform to build for (x86|x64|win32|x86_64)",
+ 'x86',
+ allowed_values=('x86', 'x86_64', 'ia64'),
+ map={'X86' : 'x86',
+ 'win32': 'x86',
+ 'Win32': 'x86',
+ 'x64' : 'x86_64',
+ 'X64' : 'x86_64'
+ }),
+
+ EnumVariable('MSVC_VERSION',
+ "Visual C++ to use for building (E.g. 11.0, 9.0)",
+ None,
+ allowed_values=('12.0', '11.0', '10.0', '9.0', '8.0', '6.0')
+ ),
+
+ # We always documented that we handle an install layout, but in fact we
+ # hardcoded source layouts. Allow disabling this behavior.
+ # ### Fix default?
+ BoolVariable('SOURCE_LAYOUT',
+ "Assume a source layout instead of install layout",
+ True),
+ )
+
+env = Environment(variables=opts,
+ tools=('default', 'textfile',),
+ CPPPATH=['.', ],
+ )
+
+env.Append(BUILDERS = {
+ 'GenDef' :
+ Builder(action = sys.executable + ' build/gen_def.py $SOURCES > $TARGET',
+ suffix='.def', src_suffix='.h')
+ })
+
+match = re.search('SERF_MAJOR_VERSION ([0-9]+).*'
+ 'SERF_MINOR_VERSION ([0-9]+).*'
+ 'SERF_PATCH_VERSION ([0-9]+)',
+ env.File('serf.h').get_contents(),
+ re.DOTALL)
+MAJOR, MINOR, PATCH = [int(x) for x in match.groups()]
+env.Append(MAJOR=str(MAJOR))
+
+# Calling external programs is okay if we're not cleaning or printing help.
+# (cleaning: no sense in fetching information; help: we may not know where
+# they are)
+CALLOUT_OKAY = not (env.GetOption('clean') or env.GetOption('help'))
+
+
+# HANDLING OF OPTION VARIABLES
+
+unknown = opts.UnknownVariables()
+if unknown:
+ print 'Unknown variables:', ', '.join(unknown.keys())
+ Exit(1)
+
+apr = str(env['APR'])
+apu = str(env['APU'])
+zlib = str(env['ZLIB'])
+gssapi = env.get('GSSAPI', None)
+
+if gssapi and os.path.isdir(gssapi):
+ krb5_config = os.path.join(gssapi, 'bin', 'krb5-config')
+ if os.path.isfile(krb5_config):
+ gssapi = krb5_config
+ env['GSSAPI'] = krb5_config
+
+debug = env.get('DEBUG', None)
+aprstatic = env.get('APR_STATIC', None)
+
+Help(opts.GenerateHelpText(env))
+opts.Save(SAVED_CONFIG, env)
+
+
+# PLATFORM-SPECIFIC BUILD TWEAKS
+
+thisdir = os.getcwd()
+libdir = '$PREFIX/lib'
+incdir = '$PREFIX/include/serf-$MAJOR'
+
+LIBNAME = 'libserf-${MAJOR}'
+if sys.platform != 'win32':
+ LIBNAMESTATIC = LIBNAME
+else:
+ LIBNAMESTATIC = 'serf-${MAJOR}'
+
+env.Append(RPATH=libdir,
+ PDB='${TARGET.filebase}.pdb')
+
+if sys.platform == 'darwin':
+# linkflags.append('-Wl,-install_name, at executable_path/%s.dylib' % (LIBNAME,))
+ env.Append(LINKFLAGS='-Wl,-install_name,%s/%s.dylib' % (thisdir, LIBNAME,))
+ # 'man ld' says positive non-zero for the first number, so we add one.
+ # Mac's interpretation of compatibility is the same as our MINOR version.
+ env.Append(LINKFLAGS='-Wl,-compatibility_version,%d' % (MINOR+1,))
+ env.Append(LINKFLAGS='-Wl,-current_version,%d.%d' % (MINOR+1, PATCH,))
+
+if sys.platform != 'win32':
+ ### gcc only. figure out appropriate test / better way to check these
+ ### flags, and check for gcc.
+ env.Append(CFLAGS='-std=c89')
+ env.Append(CCFLAGS=[
+ '-Wdeclaration-after-statement',
+ '-Wmissing-prototypes',
+ ])
+
+ ### -Wall is not available on Solaris
+ if sys.platform != 'sunos5':
+ env.Append(CCFLAGS='-Wall')
+
+ if debug:
+ env.Append(CCFLAGS='-g')
+ env.Append(CPPDEFINES=['DEBUG', '_DEBUG'])
+ else:
+ env.Append(CCFLAGS='-O2')
+ env.Append(CPPDEFINES='NDEBUG')
+
+ ### works for Mac OS. probably needs to change
+ env.Append(LIBS=['ssl', 'crypto', 'z', ])
+
+ if sys.platform == 'sunos5':
+ env.Append(LIBS='m')
+else:
+ # Warning level 4, no unused argument warnings
+ env.Append(CCFLAGS=['/W4', '/wd4100'])
+
+ # Choose runtime and optimization
+ if debug:
+ # Disable optimizations for debugging, use debug DLL runtime
+ env.Append(CCFLAGS=['/Od', '/MDd'])
+ env.Append(CPPDEFINES=['DEBUG', '_DEBUG'])
+ else:
+ # Optimize for speed, use DLL runtime
+ env.Append(CCFLAGS=['/O2', '/MD'])
+ env.Append(CPPDEFINES='NDEBUG')
+
+# PLAN THE BUILD
+SHARED_SOURCES = []
+if sys.platform == 'win32':
+ env.GenDef(['serf.h','serf_bucket_types.h', 'serf_bucket_util.h'])
+ SHARED_SOURCES.append(['serf.def'])
+
+SOURCES = Glob('*.c') + Glob('buckets/*.c') + Glob('auth/*.c')
+
+lib_static = env.StaticLibrary(LIBNAMESTATIC, SOURCES)
+lib_shared = env.SharedLibrary(LIBNAME, SOURCES + SHARED_SOURCES)
+
+if aprstatic:
+ env.Append(CPPDEFINES=['APR_DECLARE_STATIC', 'APU_DECLARE_STATIC'])
+
+if sys.platform == 'win32':
+ env.Append(LIBS=['user32.lib', 'advapi32.lib', 'gdi32.lib', 'ws2_32.lib',
+ 'crypt32.lib', 'mswsock.lib', 'rpcrt4.lib', 'secur32.lib'])
+
+ # Get apr/apu information into our build
+ env.Append(CPPDEFINES=['WIN32','WIN32_LEAN_AND_MEAN','NOUSER',
+ 'NOGDI', 'NONLS','NOCRYPT'])
+
+ if env.get('TARGET_ARCH', None) == 'x86_64':
+ env.Append(CPPDEFINES=['WIN64'])
+
+ if aprstatic:
+ apr_libs='apr-1.lib'
+ apu_libs='aprutil-1.lib'
+ else:
+ apr_libs='libapr-1.lib'
+ apu_libs='libaprutil-1.lib'
+
+ env.Append(LIBS=[apr_libs, apu_libs])
+ if not env.get('SOURCE_LAYOUT', None):
+ env.Append(LIBPATH=['$APR/lib', '$APU/lib'],
+ CPPPATH=['$APR/include/apr-1', '$APU/include/apr-1'])
+ elif aprstatic:
+ env.Append(LIBPATH=['$APR/LibR','$APU/LibR'],
+ CPPPATH=['$APR/include', '$APU/include'])
+ else:
+ env.Append(LIBPATH=['$APR/Release','$APU/Release'],
+ CPPPATH=['$APR/include', '$APU/include'])
+
+ # zlib
+ env.Append(LIBS='zlib.lib')
+ if not env.get('SOURCE_LAYOUT', None):
+ env.Append(CPPPATH='$ZLIB/include',
+ LIBPATH='$ZLIB/lib')
+ else:
+ env.Append(CPPPATH='$ZLIB',
+ LIBPATH='$ZLIB')
+
+ # openssl
+ env.Append(LIBS=['libeay32.lib', 'ssleay32.lib'])
+ if not env.get('SOURCE_LAYOUT', None):
+ env.Append(CPPPATH='$OPENSSL/include/openssl',
+ LIBPATH='$OPENSSL/lib')
+ elif 0: # opensslstatic:
+ env.Append(CPPPATH='$OPENSSL/inc32',
+ LIBPATH='$OPENSSL/out32')
+ else:
+ env.Append(CPPPATH='$OPENSSL/inc32',
+ LIBPATH='$OPENSSL/out32dll')
+else:
+ if os.path.isdir(apr):
+ apr = os.path.join(apr, 'bin', 'apr-1-config')
+ env['APR'] = apr
+ if os.path.isdir(apu):
+ apu = os.path.join(apu, 'bin', 'apu-1-config')
+ env['APU'] = apu
+
+ ### we should use --cc, but that is giving some scons error about an implict
+ ### dependency upon gcc. probably ParseConfig doesn't know what to do with
+ ### the apr-1-config output
+ if CALLOUT_OKAY:
+ env.ParseConfig('$APR --cflags --cppflags --ldflags --includes'
+ ' --link-ld --libs')
+ env.ParseConfig('$APU --ldflags --includes --link-ld --libs')
+
+ ### there is probably a better way to run/capture output.
+ ### env.ParseConfig() may be handy for getting this stuff into the build
+ if CALLOUT_OKAY:
+ apr_libs = os.popen(env.subst('$APR --link-libtool --libs')).read().strip()
+ apu_libs = os.popen(env.subst('$APU --link-libtool --libs')).read().strip()
+ else:
+ apr_libs = ''
+ apu_libs = ''
+
+ env.Append(CPPPATH='$OPENSSL/include')
+ env.Append(LIBPATH='$OPENSSL/lib')
+
+
+# If build with gssapi, get its information and define SERF_HAVE_GSSAPI
+if gssapi and CALLOUT_OKAY:
+ env.ParseConfig('$GSSAPI --libs gssapi')
+ env.Append(CPPDEFINES='SERF_HAVE_GSSAPI')
+if sys.platform == 'win32':
+ env.Append(CPPDEFINES=['SERF_HAVE_SSPI'])
+
+# On Solaris, the -R values that APR describes never make it into actual
+# RPATH flags. We'll manually map all directories in LIBPATH into new
+# flags to set RPATH values.
+if sys.platform == 'sunos5':
+ for d in env['LIBPATH']:
+ env.Append(RPATH=d)
+
+# Set up the construction of serf-*.pc
+# TODO: add gssapi libs
+pkgconfig = env.Textfile('serf-%d.pc' % (MAJOR,),
+ env.File('build/serf.pc.in'),
+ SUBST_DICT = {
+ '@MAJOR@': str(MAJOR),
+ '@PREFIX@': '$PREFIX',
+ '@INCLUDE_SUBDIR@': 'serf-%d' % (MAJOR,),
+ '@VERSION@': '%d.%d.%d' % (MAJOR, MINOR, PATCH),
+ '@LIBS@': '%s %s -lz' % (apu_libs, apr_libs),
+ })
+
+env.Default(lib_static, lib_shared, pkgconfig)
+
+if CALLOUT_OKAY:
+ conf = Configure(env)
+
+ ### some configuration stuffs
+
+ env = conf.Finish()
+
+
+# INSTALLATION STUFF
+
+install_static = env.Install(libdir, lib_static)
+install_shared = env.Install(libdir, lib_shared)
+
+if sys.platform == 'darwin':
+ install_shared_path = install_shared[0].abspath
+ env.AddPostAction(install_shared, ('install_name_tool -id %s %s'
+ % (install_shared_path,
+ install_shared_path)))
+ ### construct shared lib symlinks. this also means install the lib
+ ### as libserf-2.1.0.0.dylib, then add the symlinks.
+ ### note: see InstallAs
+
+env.Alias('install-lib', [install_static, install_shared,
+ ])
+env.Alias('install-inc', env.Install(incdir, HEADER_FILES))
+env.Alias('install-pc', env.Install(os.path.join(libdir, 'pkgconfig'),
+ pkgconfig))
+env.Alias('install', ['install-lib', 'install-inc', 'install-pc', ])
+
+
+# TESTS
+### make move to a separate scons file in the test/ subdir?
+
+tenv = env.Clone()
+
+TEST_PROGRAMS = [ 'serf_get', 'serf_response', 'serf_request', 'serf_spider',
+ 'test_all', 'serf_bwtp' ]
+if sys.platform == 'win32':
+ TEST_EXES = [ os.path.join('test', '%s.exe' % (prog)) for prog in TEST_PROGRAMS ]
+else:
+ TEST_EXES = [ os.path.join('test', '%s' % (prog)) for prog in TEST_PROGRAMS ]
+
+env.AlwaysBuild(env.Alias('check', TEST_EXES, sys.executable + ' build/check.py',
+ ENV={'PATH' : os.environ['PATH']}))
+
+# Find the (dynamic) library in this directory
+tenv.Replace(RPATH=thisdir)
+tenv.Prepend(LIBS=[LIBNAMESTATIC, ],
+ LIBPATH=[thisdir, ])
+
+testall_files = [
+ 'test/test_all.c',
+ 'test/CuTest.c',
+ 'test/test_util.c',
+ 'test/test_context.c',
+ 'test/test_buckets.c',
+ 'test/test_auth.c',
+ 'test/mock_buckets.c',
+ 'test/test_ssl.c',
+ 'test/server/test_server.c',
+ 'test/server/test_sslserver.c',
+ ]
+
+for proggie in TEST_EXES:
+ if 'test_all' in proggie:
+ tenv.Program(proggie, testall_files )
+ else:
+ tenv.Program(target = proggie, source = [proggie.replace('.exe','') + '.c'])
+
+
+# HANDLE CLEANING
+
+if env.GetOption('clean'):
+ # When we're cleaning, we want the dependency tree to include "everything"
+ # that could be built. Thus, include all of the tests.
+ env.Default('check')
Modified: vendor/serf/dist/auth/auth.c
==============================================================================
--- vendor/serf/dist/auth/auth.c Fri Aug 2 19:10:46 2013 (r253892)
+++ vendor/serf/dist/auth/auth.c Fri Aug 2 19:12:12 2013 (r253893)
@@ -20,6 +20,7 @@
#include <apr.h>
#include <apr_base64.h>
#include <apr_strings.h>
+#include <apr_lib.h>
static apr_status_t
default_auth_response_handler(peer_t peer,
@@ -32,30 +33,42 @@ default_auth_response_handler(peer_t pee
return APR_SUCCESS;
}
+/* These authentication schemes are in order of decreasing security, the topmost
+ scheme will be used first when the server supports it.
+
+ Each set of handlers should support both server (401) and proxy (407)
+ authentication.
+
+ Use lower case for the scheme names to enable case insensitive matching.
+ */
static const serf__authn_scheme_t serf_authn_schemes[] = {
+#ifdef SERF_HAVE_SPNEGO
{
- 401,
- "Basic",
- SERF_AUTHN_BASIC,
- serf__init_basic,
- serf__init_basic_connection,
- serf__handle_basic_auth,
- serf__setup_request_basic_auth,
- default_auth_response_handler,
+ "Negotiate",
+ "negotiate",
+ SERF_AUTHN_NEGOTIATE,
+ serf__init_spnego,
+ serf__init_spnego_connection,
+ serf__handle_spnego_auth,
+ serf__setup_request_spnego_auth,
+ serf__validate_response_spnego_auth,
},
+#ifdef WIN32
{
- 407,
- "Basic",
- SERF_AUTHN_BASIC,
- serf__init_basic,
- serf__init_basic_connection,
- serf__handle_basic_auth,
- serf__setup_request_basic_auth,
- default_auth_response_handler,
+ "NTLM",
+ "ntlm",
+ SERF_AUTHN_NTLM,
+ serf__init_spnego,
+ serf__init_spnego_connection,
+ serf__handle_spnego_auth,
+ serf__setup_request_spnego_auth,
+ serf__validate_response_spnego_auth,
},
+#endif /* #ifdef WIN32 */
+#endif /* SERF_HAVE_SPNEGO */
{
- 401,
"Digest",
+ "digest",
SERF_AUTHN_DIGEST,
serf__init_digest,
serf__init_digest_connection,
@@ -64,37 +77,15 @@ static const serf__authn_scheme_t serf_a
serf__validate_response_digest_auth,
},
{
- 407,
- "Digest",
- SERF_AUTHN_DIGEST,
- serf__init_digest,
- serf__init_digest_connection,
- serf__handle_digest_auth,
- serf__setup_request_digest_auth,
- serf__validate_response_digest_auth,
- },
-#ifdef SERF_HAVE_KERB
- {
- 401,
- "Negotiate",
- SERF_AUTHN_NEGOTIATE,
- serf__init_kerb,
- serf__init_kerb_connection,
- serf__handle_kerb_auth,
- serf__setup_request_kerb_auth,
- serf__validate_response_kerb_auth,
- },
- {
- 407,
- "Negotiate",
- SERF_AUTHN_NEGOTIATE,
- serf__init_kerb,
- serf__init_kerb_connection,
- serf__handle_kerb_auth,
- serf__setup_request_kerb_auth,
- serf__validate_response_kerb_auth,
+ "Basic",
+ "basic",
+ SERF_AUTHN_BASIC,
+ serf__init_basic,
+ serf__init_basic_connection,
+ serf__handle_basic_auth,
+ serf__setup_request_basic_auth,
+ default_auth_response_handler,
},
-#endif
/* ADD NEW AUTHENTICATION IMPLEMENTATIONS HERE (as they're written) */
/* sentinel */
@@ -102,21 +93,6 @@ static const serf__authn_scheme_t serf_a
};
-/**
- * Baton passed to the response header callback function
- */
-typedef struct {
- int code;
- apr_status_t status;
- const char *header;
- serf_request_t *request;
- serf_bucket_t *response;
- void *baton;
- apr_pool_t *pool;
- const serf__authn_scheme_t *scheme;
- const char *last_scheme_name;
-} auth_baton_t;
-
/* Reads and discards all bytes in the response body. */
static apr_status_t discard_body(serf_bucket_t *response)
{
@@ -142,99 +118,128 @@ static apr_status_t discard_body(serf_bu
*
* Returns a non-0 value of a matching handler was found.
*/
-static int handle_auth_header(void *baton,
- const char *key,
- const char *header)
+static int handle_auth_headers(int code,
+ void *baton,
+ apr_hash_t *hdrs,
+ serf_request_t *request,
+ serf_bucket_t *response,
+ apr_pool_t *pool)
{
- auth_baton_t *ab = baton;
- int scheme_found = FALSE;
- const char *auth_name;
- const char *auth_attr;
- const serf__authn_scheme_t *scheme = NULL;
- serf_connection_t *conn = ab->request->conn;
+ const serf__authn_scheme_t *scheme;
+ serf_connection_t *conn = request->conn;
serf_context_t *ctx = conn->ctx;
+ apr_status_t status;
- /* We're only interested in xxxx-Authenticate headers. */
- if (strcmp(key, ab->header) != 0)
- return 0;
-
- /* Extract the authentication scheme name, and prepare for reading
- the attributes. */
- auth_attr = strchr(header, ' ');
- if (auth_attr) {
- auth_name = apr_pstrmemdup(ab->pool, header, auth_attr - header);
- ++auth_attr;
- }
- else
- auth_name = header;
-
- ab->last_scheme_name = auth_name;
+ status = SERF_ERROR_AUTHN_NOT_SUPPORTED;
/* Find the matching authentication handler.
Note that we don't reuse the auth scheme stored in the context,
as that may have changed. (ex. fallback from ntlm to basic.) */
- for (scheme = serf_authn_schemes; scheme->code != 0; ++scheme) {
- if (! (ab->code == scheme->code &&
- ctx->authn_types & scheme->type))
+ for (scheme = serf_authn_schemes; scheme->name != 0; ++scheme) {
+ const char *auth_hdr;
+ serf__auth_handler_func_t handler;
+ serf__authn_info_t *authn_info;
+
+ if (! (ctx->authn_types & scheme->type))
continue;
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Client supports: %s\n", scheme->name);
- if (strcmp(auth_name, scheme->name) == 0) {
- serf__auth_handler_func_t handler = scheme->handle_func;
- apr_status_t status = 0;
-
- serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
- "... matched: %s\n", scheme->name);
- /* If this is the first time we use this scheme on this connection,
- make sure to initialize the authentication handler first. */
- if (ab->code == 401 && ctx->authn_info.scheme != scheme) {
- status = scheme->init_ctx_func(ab->code, ctx, ctx->pool);
- if (!status) {
- status = scheme->init_conn_func(ab->code, conn, conn->pool);
-
- if (!status)
- ctx->authn_info.scheme = scheme;
- else
- ctx->authn_info.scheme = NULL;
- }
- }
- else if (ab->code == 407 && ctx->proxy_authn_info.scheme != scheme) {
- status = scheme->init_ctx_func(ab->code, ctx, ctx->pool);
- if (!status) {
- status = scheme->init_conn_func(ab->code, conn, conn->pool);
-
- if (!status)
- ctx->proxy_authn_info.scheme = scheme;
- else
- ctx->proxy_authn_info.scheme = NULL;
- }
- }
+ auth_hdr = apr_hash_get(hdrs, scheme->key, APR_HASH_KEY_STRING);
+
+ if (!auth_hdr)
+ continue;
+
+ /* Found a matching scheme */
+ status = APR_SUCCESS;
+
+ handler = scheme->handle_func;
+
+ serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
+ "... matched: %s\n", scheme->name);
+
+ if (code == 401) {
+ authn_info = serf__get_authn_info_for_server(conn);
+ } else {
+ authn_info = &ctx->proxy_authn_info;
+ }
+ /* If this is the first time we use this scheme on this context and/or
+ this connection, make sure to initialize the authentication handler
+ first. */
+ if (authn_info->scheme != scheme) {
+ status = scheme->init_ctx_func(code, ctx, ctx->pool);
if (!status) {
- scheme_found = TRUE;
- ab->scheme = scheme;
- status = handler(ab->code, ab->request, ab->response,
- header, auth_attr, ab->baton, ctx->pool);
+ status = scheme->init_conn_func(scheme, code, conn,
+ conn->pool);
+ if (!status)
+ authn_info->scheme = scheme;
+ else
+ authn_info->scheme = NULL;
}
+ }
- /* If the authentication fails, cache the error for now. Try the
- next available scheme. If there's none raise the error. */
- if (status) {
- scheme_found = FALSE;
- scheme = NULL;
+ if (!status) {
+ const char *auth_attr = strchr(auth_hdr, ' ');
+ if (auth_attr) {
+ auth_attr++;
}
- /* Let the caller now if the authentication setup was succesful
- or not. */
- ab->status = status;
- break;
+ status = handler(code, request, response,
+ auth_hdr, auth_attr, baton, ctx->pool);
}
+
+ if (status == APR_SUCCESS)
+ break;
+
+ /* No success authenticating with this scheme, try the next.
+ If no more authn schemes are found the status of this scheme will be
+ returned.
+ */
+ serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
+ "%s authentication failed.\n", scheme->name);
}
- /* If a matching scheme handler was found, we can stop iterating
- over the response headers - so return a non-0 value. */
- return scheme_found;
+ return status;
+}
+
+/**
+ * Baton passed to the store_header_in_dict callback function
+ */
+typedef struct {
+ const char *header;
+ apr_pool_t *pool;
+ apr_hash_t *hdrs;
+} auth_baton_t;
+
+static int store_header_in_dict(void *baton,
+ const char *key,
+ const char *header)
+{
+ auth_baton_t *ab = baton;
+ const char *auth_attr;
+ char *auth_name, *c;
+
+ /* We're only interested in xxxx-Authenticate headers. */
+ if (strcmp(key, ab->header) != 0)
+ return 0;
+
+ /* Extract the authentication scheme name. */
+ auth_attr = strchr(header, ' ');
+ if (auth_attr) {
+ auth_name = apr_pstrmemdup(ab->pool, header, auth_attr - header);
+ }
+ else
+ auth_name = apr_pstrmemdup(ab->pool, header, strlen(header));
+
+ /* Convert scheme name to lower case to enable case insensitive matching. */
+ for (c = auth_name; *c != '\0'; c++)
+ *c = (char)apr_tolower(*c);
+
+ apr_hash_set(ab->hdrs, auth_name, APR_HASH_KEY_STRING,
+ apr_pstrdup(ab->pool, header));
+
+ return 0;
}
/* Dispatch authentication handling. This function matches the possible
@@ -252,11 +257,7 @@ static apr_status_t dispatch_auth(int co
auth_baton_t ab = { 0 };
const char *auth_hdr;
- ab.code = code;
- ab.status = APR_SUCCESS;
- ab.request = request;
- ab.response = response;
- ab.baton = baton;
+ ab.hdrs = apr_hash_make(pool);
ab.pool = pool;
/* Before iterating over all authn headers, check if there are any. */
@@ -275,8 +276,8 @@ static apr_status_t dispatch_auth(int co
"%s authz required. Response header(s): %s\n",
code == 401 ? "Server" : "Proxy", auth_hdr);
- /* Iterate over all headers. Try to find a matching authentication scheme
- handler.
+
+ /* Store all WWW- or Proxy-Authenticate headers in a dictionary.
Note: it is possible to have multiple Authentication: headers. We do
not want to combine them (per normal header combination rules) as that
@@ -285,15 +286,13 @@ static apr_status_t dispatch_auth(int co
work with.
*/
serf_bucket_headers_do(hdrs,
- handle_auth_header,
+ store_header_in_dict,
&ab);
- if (ab.status != APR_SUCCESS)
- return ab.status;
- if (!ab.scheme || ab.scheme->name == NULL) {
- /* No matching authentication found. */
- return SERF_ERROR_AUTHN_NOT_SUPPORTED;
- }
+ /* Iterate over all authentication schemes, in order of decreasing
+ security. Try to find a authentication schema the server support. */
+ return handle_auth_headers(code, baton, ab.hdrs,
+ request, response, pool);
}
return APR_SUCCESS;
@@ -356,28 +355,41 @@ apr_status_t serf__handle_auth_response(
/* Requeue the request with the necessary auth headers. */
/* ### Application doesn't know about this request! */
- serf_connection_priority_request_create(request->conn,
- request->setup,
- request->setup_baton);
+ if (request->ssltunnel) {
+ serf__ssltunnel_request_create(request->conn,
+ request->setup,
+ request->setup_baton);
+ } else {
+ serf_connection_priority_request_create(request->conn,
+ request->setup,
+ request->setup_baton);
+ }
return APR_EOF;
} else {
- /* Validate the response authn headers if needed. */
serf__validate_response_func_t validate_resp;
serf_connection_t *conn = request->conn;
serf_context_t *ctx = conn->ctx;
+ serf__authn_info_t *authn_info;
apr_status_t resp_status = APR_SUCCESS;
-
- if (ctx->authn_info.scheme) {
- validate_resp = ctx->authn_info.scheme->validate_response_func;
+
+
+ /* Validate the response server authn headers. */
+ authn_info = serf__get_authn_info_for_server(conn);
+ if (authn_info->scheme) {
+ validate_resp = authn_info->scheme->validate_response_func;
resp_status = validate_resp(HOST, sl.code, conn, request, response,
pool);
}
- if (!resp_status && ctx->proxy_authn_info.scheme) {
- validate_resp = ctx->proxy_authn_info.scheme->validate_response_func;
+
+ /* Validate the response proxy authn headers. */
+ authn_info = &ctx->proxy_authn_info;
+ if (!resp_status && authn_info->scheme) {
+ validate_resp = authn_info->scheme->validate_response_func;
resp_status = validate_resp(PROXY, sl.code, conn, request, response,
pool);
}
+
if (resp_status) {
/* If there was an error in the final step of the authentication,
consider the reponse body as invalid and discard it. */
@@ -419,3 +431,42 @@ void serf__encode_auth_header(const char
apr_base64_encode(ptr, data, data_len);
}
+
+const char *serf__construct_realm(peer_t peer,
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list