Index: head/www/nginx/Makefile =================================================================== --- head/www/nginx/Makefile +++ head/www/nginx/Makefile @@ -71,7 +71,7 @@ HTTP_REWRITE HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL HTTP_STATUS HTTP_SUB \ HTTP_XSLT HTTPV2 STREAM STREAM_SSL STREAM_SSL_PREREAD # External modules (arrayvar MUST appear after devel_kit for build-dep) -OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \ +OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \ ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION FASTDFS FORMINPUT \ GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST HTTP_AUTH_KRB5 \ HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL HTTP_FANCYINDEX \ @@ -84,12 +84,19 @@ SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SMALL_LIGHT SRCACHE XSS OPTIONS_GROUP_MAILGRP= MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL OPTIONS_DEFINE= DEBUG DEBUGLOG DSO FILE_AIO IPV6 THREADS WWW -OPTIONS_DEFAULT?=DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ +OPTIONS_DEFAULT?= DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ HTTP_DAV HTTP_FLV HTTP_GZIP_STATIC HTTP_GUNZIP_FILTER \ HTTP_MP4 HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK \ HTTP_SLICE HTTP_REWRITE HTTP_SSL HTTP_STATUS HTTP_SUB \ HTTPV2 MAIL MAIL_SSL STREAM STREAM_SSL STREAM_SSL_PREREAD \ THREADS WWW + +OPTIONS_RADIO+= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_BASE_USES= gssapi +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_USES= gssapi:mit + OPTIONS_SUB= yes .include "Makefile.options.desc" @@ -101,6 +108,10 @@ .for opt in ${OPTIONS_GROUP_HTTPGRP:NHTTP} WWW ${opt}_IMPLIES= HTTP .endfor + +GSSAPI_BASE_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_HEIMDAL_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_MIT_IMPLIES= HTTP_AUTH_KRB5 # If the target is makesum, make sure that every distfile is fetched. .if ${.TARGETS:Mmakesum} Index: head/www/nginx/Makefile.extmod =================================================================== --- head/www/nginx/Makefile.extmod +++ head/www/nginx/Makefile.extmod @@ -83,11 +83,7 @@ HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:7e028a5:auth_krb5 HTTP_AUTH_KRB5_VARS= DSO_EXTMODS+=auth_krb5 -#HTTP_AUTH_KRB5_EXTRA_PATCHES=${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config -#OPTIONS_RADIO+= GSSAPI -#OPTIONS_RADIO_GSSAPI+= GSSAPI_HEIMDAL GSSAPI_MIT -#GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags -#GSSAPI_MIT_USES= gssapi:mit +HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config HTTP_AUTH_LDAP_GH_TUPLE= kvspb:nginx-auth-ldap:42d195d:http_auth_ldap HTTP_AUTH_LDAP_VARS= DSO_EXTMODS+=http_auth_ldap Index: head/www/nginx/Makefile.options.desc =================================================================== --- head/www/nginx/Makefile.options.desc +++ head/www/nginx/Makefile.options.desc @@ -20,6 +20,7 @@ FORMINPUT_DESC= 3rd party form_input module GOOGLE_PERFTOOLS_DESC= Enable google perftools module GRIDFS_DESC= 3rd party gridfs module +GSSAPI_DESC= GSSAPI implementation (imply HTTP_AUTH_KRB5) HEADERS_MORE_DESC= 3rd party headers_more module HTTPGRP_DESC= Modules that require HTTP module HTTPV2_DESC= Enable HTTP/2 protocol support (SSL req.) Index: head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config =================================================================== --- head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config +++ head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config @@ -1,9 +1,20 @@ --- ../spnego-http-auth-nginx-module-0c6ff3f/config.orig 2017-04-15 13:07:01.159506000 -0400 -+++ ../spnego-http-auth-nginx-module-0c6ff3f/config 2017-04-15 13:07:36.283398000 -0400 -@@ -1,5 +1,5 @@ ++++ ../spnego-http-auth-nginx-module-7e028a5/config 2018-04-20 00:15:08.515289000 +0200 +@@ -1,9 +1,6 @@ ngx_addon_name=ngx_http_auth_spnego_module -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err" -+ngx_feature_libs="%%GSSAPILIBS%% -lcom_err" +- +-if uname -o | grep -q FreeBSD; then +- ngx_feature_libs="$ngx_feature_libs -lgssapi" +-fi ++ngx_feature_libs="%%GSSAPILIBS%%" ++ngx_module_incs="%%GSSAPINCDIR%%" - if uname -o | grep -q FreeBSD; then - ngx_feature_libs="$ngx_feature_libs -lgssapi" + if test -n "$ngx_module_link"; then + ngx_module_type=HTTP +@@ -16,3 +13,5 @@ else + NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c" + CORE_LIBS="$CORE_LIBS $ngx_feature_libs" + fi ++ ++LDFLAGS="-L%%GSSAPILIBDIR%% $LDFLAGS"