Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 2 Aug 2013 19:21:47 +0000 (UTC)
From:      Peter Wemm <peter@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r253895 - in head: contrib/serf contrib/serf/auth contrib/serf/buckets contrib/serf/build usr.bin/svn/lib/libserf
Message-ID:  <201308021921.r72JLlLp072113@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: peter
Date: Fri Aug  2 19:21:46 2013
New Revision: 253895
URL: http://svnweb.freebsd.org/changeset/base/253895

Log:
  Update serf 1.2.1 -> 1.3.0 for svn

Added:
  head/contrib/serf/SConstruct
     - copied unchanged from r253894, vendor/serf/dist/SConstruct
  head/contrib/serf/auth/auth_spnego.c
     - copied unchanged from r253894, vendor/serf/dist/auth/auth_spnego.c
  head/contrib/serf/auth/auth_spnego.h
     - copied unchanged from r253894, vendor/serf/dist/auth/auth_spnego.h
  head/contrib/serf/auth/auth_spnego_gss.c
     - copied unchanged from r253894, vendor/serf/dist/auth/auth_spnego_gss.c
  head/contrib/serf/auth/auth_spnego_sspi.c
     - copied unchanged from r253894, vendor/serf/dist/auth/auth_spnego_sspi.c
  head/contrib/serf/build/check.py
     - copied unchanged from r253894, vendor/serf/dist/build/check.py
  head/contrib/serf/build/serf.pc.in
     - copied unchanged from r253894, vendor/serf/dist/build/serf.pc.in
Deleted:
  head/contrib/serf/Makefile.in
  head/contrib/serf/auth/auth_kerb.c
  head/contrib/serf/auth/auth_kerb.h
  head/contrib/serf/auth/auth_kerb_gss.c
  head/contrib/serf/auth/auth_kerb_sspi.c
  head/contrib/serf/build/apr_common.m4
  head/contrib/serf/build/config.guess
  head/contrib/serf/build/config.sub
  head/contrib/serf/build/find_apr.m4
  head/contrib/serf/build/find_apu.m4
  head/contrib/serf/build/get-version.sh
  head/contrib/serf/build/install.sh
  head/contrib/serf/build/serf.def
  head/contrib/serf/buildconf
  head/contrib/serf/config.layout
  head/contrib/serf/configure
  head/contrib/serf/configure.in
  head/contrib/serf/serf.mak
  head/contrib/serf/serf.pc.in
  head/contrib/serf/serfmake
Modified:
  head/contrib/serf/CHANGES
  head/contrib/serf/README
  head/contrib/serf/auth/auth.c
  head/contrib/serf/auth/auth.h
  head/contrib/serf/auth/auth_basic.c
  head/contrib/serf/auth/auth_digest.c
  head/contrib/serf/buckets/aggregate_buckets.c
  head/contrib/serf/buckets/buckets.c
  head/contrib/serf/buckets/dechunk_buckets.c
  head/contrib/serf/buckets/headers_buckets.c
  head/contrib/serf/buckets/limit_buckets.c
  head/contrib/serf/buckets/request_buckets.c
  head/contrib/serf/buckets/response_buckets.c
  head/contrib/serf/buckets/simple_buckets.c
  head/contrib/serf/buckets/ssl_buckets.c
  head/contrib/serf/build/gen_def.py
  head/contrib/serf/context.c
  head/contrib/serf/incoming.c
  head/contrib/serf/outgoing.c
  head/contrib/serf/serf.h
  head/contrib/serf/serf_bucket_types.h
  head/contrib/serf/serf_bucket_util.h
  head/contrib/serf/serf_private.h
  head/contrib/serf/ssltunnel.c
  head/usr.bin/svn/lib/libserf/Makefile
Directory Properties:
  head/contrib/serf/   (props changed)

Modified: head/contrib/serf/CHANGES
==============================================================================
--- head/contrib/serf/CHANGES	Fri Aug  2 19:14:25 2013	(r253894)
+++ head/contrib/serf/CHANGES	Fri Aug  2 19:21:46 2013	(r253895)
@@ -1,4 +1,20 @@
-Serf 1.2.1 [2013-06-03, from /tags/1.2.1]
+Serf 1.3.0 [2013-07-23, from /tags/1.3.0]
+  Fix issue 83: use PATH rather than URI within an ssltunnel (r1952)
+  Fix issue 108: improved error reporting from the underlying socket (r1951)
+  NEW: Switch to the SCons build system; retire serfmake, serf.mak, autotools
+  Improved Basic and Digest authentication:
+    - remember credentials on a per-server basis
+    - properly manage authentication realms
+    - continue functioning when a server sets KeepAlive: off
+  Windows: add support for NTLM authentication
+  Improved 2617 compliance: always use strongest authentication (r1968,1971)
+  Fixed bugs with proxy authentication and SSL tunneling through a proxy
+  Fixed bugs the response parser (r2032,r2036)
+  SSL connection performance improvements
+  Huge expansion of the test suite
+
+
+Serf 1.2.1 [2013-06-03, from /tags/1.2.1, r1906]
   Fix issue 95: add gssapi switches to configure (r1864, r1900)
   Fix issue 97: skip mmap bucket if APR_HAS_MMAP is undefined (r1877)
   Fix issue 100: building against an old Windows Platform SDK (r1881)
@@ -19,7 +35,7 @@ Serf 1.2.0 [2013-02-22, from /tags/1.2.0
   Fixed issue 93: cleanup-after-fork interferes with parent (r1714)
   Fixed most of issue 89: Support REAL SPNEGO authentication
   Enable Negotiate/Kerberos support for proxy servers.
-  Return error when C-L, chunked, gzip encoded response bodies where
+  Return error when C-L, chunked, gzip encoded response bodies were
     truncated (due to aborted connection) (r1688)
   Add a logging mechanism that can be enabled at compile-time.
   Don't lookup server address if a proxy was configured. (r1706)

Modified: head/contrib/serf/README
==============================================================================
--- head/contrib/serf/README	Fri Aug  2 19:14:25 2013	(r253894)
+++ head/contrib/serf/README	Fri Aug  2 19:21:46 2013	(r253895)
@@ -14,25 +14,67 @@ kept to a minimum to provide high perfor
 
 ----
 
-Quick guide for the impatient
+1. INSTALL
 
-  (Unix)
-  % ./configure
-  % make
-  % make install
+1.1. SCons build system
 
-----
+serf uses SCons 2.x for its build system. If it is not installed on
+your system, then you can install it onto your system. If you do not
+have permissions, then you can download and install the "local"
+version into your home directory. When installed privately, simply
+create a symlink for 'scons' in your PATH to /path/to/scons/scons.py.
+
+Fetch the scons-local package:
+  http://prdownloads.sourceforge.net/scons/scons-local-2.0.1.tar.gz
+
+
+1.2 Building serf
+
+To build serf:
+
+$ scons APR=/path/to/apr APU=/path/to/apu OPENSSL=/openssl/base PREFIX=/path/to/prefix
+
+The switches are recorded into .saved_config, so they only need to be
+specified the first time scons is run.
+
+PREFIX should specify where serf should be installed.  PREFIX defaults to
+/usr/local.
+
+The default for the other three switches (APR, APU, OPENSSL) is /usr.
+
+The build system looks for apr-1-config at $APR/bin/apr-1-config, or
+the path should indicate apr-1-config itself. Similarly for the path
+to apu-1-config.
+
+OPENSSL should specify the root of the install (eg. /opt/local). The
+includes will be found OPENSSL/include and libraries at OPENSSL/lib.
+
+If you wish to use VPATH-style builds (where objects are created in a
+distinct directory from the source), you can use:
+
+$ scons -Y /path/to/serf/source
+
+At any point, the current settings can be examined:
+
+$ scons --help
+
+
+1.3 Running the test suite
+
+$ scons check
+
+
+1.4 Installing serf
 
-Building serf from a Subversion checkout (non-packaged releases)
+$ scons install
 
-We suggest that you try out 'serfmake'.
+Note that the PREFIX variable should have been specified in a previous
+invocation of scons (and saved into .saved_config), or it can be
+specified on the install command line:
 
- % ./serfmake --prefix=/usr/local/serf --with-apr=/usr/local/apr install
+$ scons PREFIX=/some/path install
 
-If you want to use the autoconf build system and are using a Subversion
-checkout, you need to run buildconf and have APR and APR-util sources handy.
 
- % ./buildconf --with-apr=/path/to/apr --with-apr-util=/path/to/apr-util
- (By default, buildconf will look in . and ../ for apr and apr-util.)
+1.4 Cleaning up the build
 
-Then, you can use ./configure, make, etc.
+$ scons -c

Copied: head/contrib/serf/SConstruct (from r253894, vendor/serf/dist/SConstruct)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/contrib/serf/SConstruct	Fri Aug  2 19:21:46 2013	(r253895, copy of r253894, vendor/serf/dist/SConstruct)
@@ -0,0 +1,438 @@
+# -*- python -*-
+#
+# Copyright 2011-2012 Justin Erenkrantz and Greg Stein
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import sys
+import os
+import re
+
+HEADER_FILES = ['serf.h',
+                'serf_bucket_types.h',
+                'serf_bucket_util.h',
+                ]
+
+# where we save the configuration variables
+SAVED_CONFIG = '.saved_config'
+
+# Variable class that does no validation on the input
+def _converter(val):
+    """
+    """
+    if val == 'none':
+      val = []
+    else:
+      val = val.split(',')
+    return val
+
+def RawListVariable(key, help, default):
+    """
+    The input parameters describe a 'raw string list' option. This class
+    accepts a comma separated list and converts it to a space separated
+    list.
+    """
+    return (key, '%s' % (help), default, None, lambda val: _converter(val))
+
+# default directories
+if sys.platform == 'win32':
+  default_libdir='..'
+  default_prefix='Debug'
+else:
+  default_libdir='/usr'
+  default_prefix='/usr/local'
+
+opts = Variables(files=[SAVED_CONFIG])
+opts.AddVariables(
+  PathVariable('PREFIX',
+               'Directory to install under',
+               default_prefix,
+               PathVariable.PathIsDir),
+  PathVariable('APR',
+               "Path to apr-1-config, or to APR's install area",
+               default_libdir,
+               PathVariable.PathAccept),
+  PathVariable('APU',
+               "Path to apu-1-config, or to APR's install area",
+               default_libdir,
+               PathVariable.PathAccept),
+  PathVariable('OPENSSL',
+               "Path to OpenSSL's install area",
+               default_libdir,
+               PathVariable.PathIsDir),
+  PathVariable('ZLIB',
+               "Path to zlib's install area",
+               default_libdir,
+               PathVariable.PathIsDir),
+  PathVariable('GSSAPI',
+               "Path to GSSAPI's install area",
+               None,
+               None),
+  BoolVariable('DEBUG',
+               "Enable debugging info and strict compile warnings",
+               False),
+  BoolVariable('APR_STATIC',
+               "Enable using a static compiled APR",
+               False),
+  RawListVariable('CC', "Command name or path of the C compiler", None),
+  RawListVariable('CFLAGS', "Extra flags for the C compiler (comma separated)",
+                  None),
+  RawListVariable('LIBS', "Extra libraries passed to the linker, "
+                  "e.g. -l<library> (comma separated)", None),
+  RawListVariable('LINKFLAGS', "Extra flags for the linker (comma separated)",
+                  None),
+  RawListVariable('CPPFLAGS', "Extra flags for the C preprocessor "
+                  "(comma separated)", None), 
+  )
+
+if sys.platform == 'win32':
+  opts.AddVariables(
+    # By default SCons builds for the host platform on Windows, when using
+    # a supported compiler (E.g. VS2010/VS2012). Allow overriding
+
+    # Note that Scons 1.3 only supports this on Windows and only when
+    # constructing Environment(). Later changes to TARGET_ARCH are ignored
+    EnumVariable('TARGET_ARCH',
+                 "Platform to build for (x86|x64|win32|x86_64)",
+                 'x86',
+                 allowed_values=('x86', 'x86_64', 'ia64'),
+                 map={'X86'  : 'x86',
+                      'win32': 'x86',
+                      'Win32': 'x86',
+                      'x64'  : 'x86_64',
+                      'X64'  : 'x86_64'
+                     }),
+
+    EnumVariable('MSVC_VERSION',
+                 "Visual C++ to use for building (E.g. 11.0, 9.0)",
+                 None,
+                 allowed_values=('12.0', '11.0', '10.0', '9.0', '8.0', '6.0')
+                ),
+
+    # We always documented that we handle an install layout, but in fact we
+    # hardcoded source layouts. Allow disabling this behavior.
+    # ### Fix default?
+    BoolVariable('SOURCE_LAYOUT',
+                 "Assume a source layout instead of install layout",
+                 True),
+    )
+
+env = Environment(variables=opts,
+                  tools=('default', 'textfile',),
+                  CPPPATH=['.', ],
+                  )
+
+env.Append(BUILDERS = {
+    'GenDef' : 
+      Builder(action = sys.executable + ' build/gen_def.py $SOURCES > $TARGET',
+              suffix='.def', src_suffix='.h')
+  })
+
+match = re.search('SERF_MAJOR_VERSION ([0-9]+).*'
+                  'SERF_MINOR_VERSION ([0-9]+).*'
+                  'SERF_PATCH_VERSION ([0-9]+)',
+                  env.File('serf.h').get_contents(),
+                  re.DOTALL)
+MAJOR, MINOR, PATCH = [int(x) for x in match.groups()]
+env.Append(MAJOR=str(MAJOR))
+
+# Calling external programs is okay if we're not cleaning or printing help.
+# (cleaning: no sense in fetching information; help: we may not know where
+# they are)
+CALLOUT_OKAY = not (env.GetOption('clean') or env.GetOption('help'))
+
+
+# HANDLING OF OPTION VARIABLES
+
+unknown = opts.UnknownVariables()
+if unknown:
+  print 'Unknown variables:', ', '.join(unknown.keys())
+  Exit(1)
+
+apr = str(env['APR'])
+apu = str(env['APU'])
+zlib = str(env['ZLIB'])
+gssapi = env.get('GSSAPI', None)
+
+if gssapi and os.path.isdir(gssapi):
+  krb5_config = os.path.join(gssapi, 'bin', 'krb5-config')
+  if os.path.isfile(krb5_config):
+    gssapi = krb5_config
+    env['GSSAPI'] = krb5_config
+
+debug = env.get('DEBUG', None)
+aprstatic = env.get('APR_STATIC', None)
+
+Help(opts.GenerateHelpText(env))
+opts.Save(SAVED_CONFIG, env)
+
+
+# PLATFORM-SPECIFIC BUILD TWEAKS
+
+thisdir = os.getcwd()
+libdir = '$PREFIX/lib'
+incdir = '$PREFIX/include/serf-$MAJOR'
+
+LIBNAME = 'libserf-${MAJOR}'
+if sys.platform != 'win32':
+  LIBNAMESTATIC = LIBNAME
+else:
+  LIBNAMESTATIC = 'serf-${MAJOR}'
+
+env.Append(RPATH=libdir,
+           PDB='${TARGET.filebase}.pdb')
+
+if sys.platform == 'darwin':
+#  linkflags.append('-Wl,-install_name,@executable_path/%s.dylib' % (LIBNAME,))
+  env.Append(LINKFLAGS='-Wl,-install_name,%s/%s.dylib' % (thisdir, LIBNAME,))
+  # 'man ld' says positive non-zero for the first number, so we add one.
+  # Mac's interpretation of compatibility is the same as our MINOR version.
+  env.Append(LINKFLAGS='-Wl,-compatibility_version,%d' % (MINOR+1,))
+  env.Append(LINKFLAGS='-Wl,-current_version,%d.%d' % (MINOR+1, PATCH,))
+
+if sys.platform != 'win32':
+  ### gcc only. figure out appropriate test / better way to check these
+  ### flags, and check for gcc.
+  env.Append(CFLAGS='-std=c89')
+  env.Append(CCFLAGS=[
+               '-Wdeclaration-after-statement',
+               '-Wmissing-prototypes',
+             ])
+
+  ### -Wall is not available on Solaris
+  if sys.platform != 'sunos5': 
+    env.Append(CCFLAGS='-Wall')
+
+  if debug:
+    env.Append(CCFLAGS='-g')
+    env.Append(CPPDEFINES=['DEBUG', '_DEBUG'])
+  else:
+    env.Append(CCFLAGS='-O2')
+    env.Append(CPPDEFINES='NDEBUG')
+
+  ### works for Mac OS. probably needs to change
+  env.Append(LIBS=['ssl', 'crypto', 'z', ])
+
+  if sys.platform == 'sunos5':
+    env.Append(LIBS='m')
+else:
+  # Warning level 4, no unused argument warnings
+  env.Append(CCFLAGS=['/W4', '/wd4100'])
+
+  # Choose runtime and optimization
+  if debug:
+    # Disable optimizations for debugging, use debug DLL runtime
+    env.Append(CCFLAGS=['/Od', '/MDd'])
+    env.Append(CPPDEFINES=['DEBUG', '_DEBUG'])
+  else:
+    # Optimize for speed, use DLL runtime
+    env.Append(CCFLAGS=['/O2', '/MD'])
+    env.Append(CPPDEFINES='NDEBUG')
+
+# PLAN THE BUILD
+SHARED_SOURCES = []
+if sys.platform == 'win32':
+  env.GenDef(['serf.h','serf_bucket_types.h', 'serf_bucket_util.h'])
+  SHARED_SOURCES.append(['serf.def'])
+
+SOURCES = Glob('*.c') + Glob('buckets/*.c') + Glob('auth/*.c')
+
+lib_static = env.StaticLibrary(LIBNAMESTATIC, SOURCES)
+lib_shared = env.SharedLibrary(LIBNAME, SOURCES + SHARED_SOURCES)
+
+if aprstatic:
+  env.Append(CPPDEFINES=['APR_DECLARE_STATIC', 'APU_DECLARE_STATIC'])
+
+if sys.platform == 'win32':
+  env.Append(LIBS=['user32.lib', 'advapi32.lib', 'gdi32.lib', 'ws2_32.lib',
+                   'crypt32.lib', 'mswsock.lib', 'rpcrt4.lib', 'secur32.lib'])
+
+  # Get apr/apu information into our build
+  env.Append(CPPDEFINES=['WIN32','WIN32_LEAN_AND_MEAN','NOUSER',
+                         'NOGDI', 'NONLS','NOCRYPT'])
+
+  if env.get('TARGET_ARCH', None) == 'x86_64':
+    env.Append(CPPDEFINES=['WIN64'])
+
+  if aprstatic:
+    apr_libs='apr-1.lib'
+    apu_libs='aprutil-1.lib'
+  else:
+    apr_libs='libapr-1.lib'
+    apu_libs='libaprutil-1.lib'
+
+  env.Append(LIBS=[apr_libs, apu_libs])
+  if not env.get('SOURCE_LAYOUT', None):
+    env.Append(LIBPATH=['$APR/lib', '$APU/lib'],
+               CPPPATH=['$APR/include/apr-1', '$APU/include/apr-1'])
+  elif aprstatic:
+    env.Append(LIBPATH=['$APR/LibR','$APU/LibR'],
+               CPPPATH=['$APR/include', '$APU/include'])
+  else:
+    env.Append(LIBPATH=['$APR/Release','$APU/Release'],
+               CPPPATH=['$APR/include', '$APU/include'])
+
+  # zlib
+  env.Append(LIBS='zlib.lib')
+  if not env.get('SOURCE_LAYOUT', None):
+    env.Append(CPPPATH='$ZLIB/include',
+               LIBPATH='$ZLIB/lib')
+  else:
+    env.Append(CPPPATH='$ZLIB',
+               LIBPATH='$ZLIB')
+
+  # openssl
+  env.Append(LIBS=['libeay32.lib', 'ssleay32.lib'])
+  if not env.get('SOURCE_LAYOUT', None):
+    env.Append(CPPPATH='$OPENSSL/include/openssl',
+               LIBPATH='$OPENSSL/lib')
+  elif 0: # opensslstatic:
+    env.Append(CPPPATH='$OPENSSL/inc32',
+               LIBPATH='$OPENSSL/out32')
+  else:
+    env.Append(CPPPATH='$OPENSSL/inc32',
+               LIBPATH='$OPENSSL/out32dll')
+else:
+  if os.path.isdir(apr):
+    apr = os.path.join(apr, 'bin', 'apr-1-config')
+    env['APR'] = apr
+  if os.path.isdir(apu):
+    apu = os.path.join(apu, 'bin', 'apu-1-config')
+    env['APU'] = apu
+
+  ### we should use --cc, but that is giving some scons error about an implict
+  ### dependency upon gcc. probably ParseConfig doesn't know what to do with
+  ### the apr-1-config output
+  if CALLOUT_OKAY:
+    env.ParseConfig('$APR --cflags --cppflags --ldflags --includes'
+                    ' --link-ld --libs')
+    env.ParseConfig('$APU --ldflags --includes --link-ld --libs')
+
+  ### there is probably a better way to run/capture output.
+  ### env.ParseConfig() may be handy for getting this stuff into the build
+  if CALLOUT_OKAY:
+    apr_libs = os.popen(env.subst('$APR --link-libtool --libs')).read().strip()
+    apu_libs = os.popen(env.subst('$APU --link-libtool --libs')).read().strip()
+  else:
+    apr_libs = ''
+    apu_libs = ''
+
+  env.Append(CPPPATH='$OPENSSL/include')
+  env.Append(LIBPATH='$OPENSSL/lib')
+
+
+# If build with gssapi, get its information and define SERF_HAVE_GSSAPI
+if gssapi and CALLOUT_OKAY:
+    env.ParseConfig('$GSSAPI --libs gssapi')
+    env.Append(CPPDEFINES='SERF_HAVE_GSSAPI')
+if sys.platform == 'win32':
+  env.Append(CPPDEFINES=['SERF_HAVE_SSPI'])
+
+# On Solaris, the -R values that APR describes never make it into actual
+# RPATH flags. We'll manually map all directories in LIBPATH into new
+# flags to set RPATH values.
+if sys.platform == 'sunos5':
+  for d in env['LIBPATH']:
+    env.Append(RPATH=d)
+
+# Set up the construction of serf-*.pc
+# TODO: add gssapi libs
+pkgconfig = env.Textfile('serf-%d.pc' % (MAJOR,),
+                         env.File('build/serf.pc.in'),
+                         SUBST_DICT = {
+                           '@MAJOR@': str(MAJOR),
+                           '@PREFIX@': '$PREFIX',
+                           '@INCLUDE_SUBDIR@': 'serf-%d' % (MAJOR,),
+                           '@VERSION@': '%d.%d.%d' % (MAJOR, MINOR, PATCH),
+                           '@LIBS@': '%s %s -lz' % (apu_libs, apr_libs),
+                           })
+
+env.Default(lib_static, lib_shared, pkgconfig)
+
+if CALLOUT_OKAY:
+  conf = Configure(env)
+
+  ### some configuration stuffs
+
+  env = conf.Finish()
+
+
+# INSTALLATION STUFF
+
+install_static = env.Install(libdir, lib_static)
+install_shared = env.Install(libdir, lib_shared)
+
+if sys.platform == 'darwin':
+  install_shared_path = install_shared[0].abspath
+  env.AddPostAction(install_shared, ('install_name_tool -id %s %s'
+                                     % (install_shared_path,
+                                        install_shared_path)))
+  ### construct shared lib symlinks. this also means install the lib
+  ### as libserf-2.1.0.0.dylib, then add the symlinks.
+  ### note: see InstallAs
+
+env.Alias('install-lib', [install_static, install_shared,
+                          ])
+env.Alias('install-inc', env.Install(incdir, HEADER_FILES))
+env.Alias('install-pc', env.Install(os.path.join(libdir, 'pkgconfig'),
+                                    pkgconfig))
+env.Alias('install', ['install-lib', 'install-inc', 'install-pc', ])
+
+
+# TESTS
+### make move to a separate scons file in the test/ subdir?
+
+tenv = env.Clone()
+
+TEST_PROGRAMS = [ 'serf_get', 'serf_response', 'serf_request', 'serf_spider',
+                  'test_all', 'serf_bwtp' ]
+if sys.platform == 'win32':
+  TEST_EXES = [ os.path.join('test', '%s.exe' % (prog)) for prog in TEST_PROGRAMS ]
+else:
+  TEST_EXES = [ os.path.join('test', '%s' % (prog)) for prog in TEST_PROGRAMS ]
+
+env.AlwaysBuild(env.Alias('check', TEST_EXES, sys.executable + ' build/check.py',
+                          ENV={'PATH' : os.environ['PATH']}))
+
+# Find the (dynamic) library in this directory
+tenv.Replace(RPATH=thisdir)
+tenv.Prepend(LIBS=[LIBNAMESTATIC, ],
+             LIBPATH=[thisdir, ])
+
+testall_files = [
+        'test/test_all.c',
+        'test/CuTest.c',
+        'test/test_util.c',
+        'test/test_context.c',
+        'test/test_buckets.c',
+        'test/test_auth.c',
+        'test/mock_buckets.c',
+        'test/test_ssl.c',
+        'test/server/test_server.c',
+        'test/server/test_sslserver.c',
+        ]
+
+for proggie in TEST_EXES:
+  if 'test_all' in proggie:
+    tenv.Program(proggie, testall_files )
+  else:
+    tenv.Program(target = proggie, source = [proggie.replace('.exe','') + '.c'])
+
+
+# HANDLE CLEANING
+
+if env.GetOption('clean'):
+  # When we're cleaning, we want the dependency tree to include "everything"
+  # that could be built. Thus, include all of the tests.
+  env.Default('check')

Modified: head/contrib/serf/auth/auth.c
==============================================================================
--- head/contrib/serf/auth/auth.c	Fri Aug  2 19:14:25 2013	(r253894)
+++ head/contrib/serf/auth/auth.c	Fri Aug  2 19:21:46 2013	(r253895)
@@ -20,6 +20,7 @@
 #include <apr.h>
 #include <apr_base64.h>
 #include <apr_strings.h>
+#include <apr_lib.h>
 
 static apr_status_t
 default_auth_response_handler(peer_t peer,
@@ -32,30 +33,42 @@ default_auth_response_handler(peer_t pee
     return APR_SUCCESS;
 }
 
+/* These authentication schemes are in order of decreasing security, the topmost
+   scheme will be used first when the server supports it.
+ 
+   Each set of handlers should support both server (401) and proxy (407)
+   authentication.
+ 
+   Use lower case for the scheme names to enable case insensitive matching.
+ */
 static const serf__authn_scheme_t serf_authn_schemes[] = {
+#ifdef SERF_HAVE_SPNEGO
     {
-        401,
-        "Basic",
-        SERF_AUTHN_BASIC,
-        serf__init_basic,
-        serf__init_basic_connection,
-        serf__handle_basic_auth,
-        serf__setup_request_basic_auth,
-        default_auth_response_handler,
+        "Negotiate",
+        "negotiate",
+        SERF_AUTHN_NEGOTIATE,
+        serf__init_spnego,
+        serf__init_spnego_connection,
+        serf__handle_spnego_auth,
+        serf__setup_request_spnego_auth,
+        serf__validate_response_spnego_auth,
     },
+#ifdef WIN32
     {
-          407,
-          "Basic",
-          SERF_AUTHN_BASIC,
-          serf__init_basic,
-          serf__init_basic_connection,
-          serf__handle_basic_auth,
-          serf__setup_request_basic_auth,
-          default_auth_response_handler,
+        "NTLM",
+        "ntlm",
+        SERF_AUTHN_NTLM,
+        serf__init_spnego,
+        serf__init_spnego_connection,
+        serf__handle_spnego_auth,
+        serf__setup_request_spnego_auth,
+        serf__validate_response_spnego_auth,
     },
+#endif /* #ifdef WIN32 */
+#endif /* SERF_HAVE_SPNEGO */
     {
-        401,
         "Digest",
+        "digest",
         SERF_AUTHN_DIGEST,
         serf__init_digest,
         serf__init_digest_connection,
@@ -64,37 +77,15 @@ static const serf__authn_scheme_t serf_a
         serf__validate_response_digest_auth,
     },
     {
-        407,
-        "Digest",
-        SERF_AUTHN_DIGEST,
-        serf__init_digest,
-        serf__init_digest_connection,
-        serf__handle_digest_auth,
-        serf__setup_request_digest_auth,
-        serf__validate_response_digest_auth,
-    },
-#ifdef SERF_HAVE_KERB
-    {
-        401,
-        "Negotiate",
-        SERF_AUTHN_NEGOTIATE,
-        serf__init_kerb,
-        serf__init_kerb_connection,
-        serf__handle_kerb_auth,
-        serf__setup_request_kerb_auth,
-        serf__validate_response_kerb_auth,
-    },
-    {
-        407,
-        "Negotiate",
-        SERF_AUTHN_NEGOTIATE,
-        serf__init_kerb,
-        serf__init_kerb_connection,
-        serf__handle_kerb_auth,
-        serf__setup_request_kerb_auth,
-        serf__validate_response_kerb_auth,
+        "Basic",
+        "basic",
+        SERF_AUTHN_BASIC,
+        serf__init_basic,
+        serf__init_basic_connection,
+        serf__handle_basic_auth,
+        serf__setup_request_basic_auth,
+        default_auth_response_handler,
     },
-#endif
     /* ADD NEW AUTHENTICATION IMPLEMENTATIONS HERE (as they're written) */
 
     /* sentinel */
@@ -102,21 +93,6 @@ static const serf__authn_scheme_t serf_a
 };
 
 
-/**
- * Baton passed to the response header callback function
- */
-typedef struct {
-    int code;
-    apr_status_t status;
-    const char *header;
-    serf_request_t *request;
-    serf_bucket_t *response;
-    void *baton;
-    apr_pool_t *pool;
-    const serf__authn_scheme_t *scheme;
-    const char *last_scheme_name;
-} auth_baton_t;
-
 /* Reads and discards all bytes in the response body. */
 static apr_status_t discard_body(serf_bucket_t *response)
 {
@@ -142,99 +118,128 @@ static apr_status_t discard_body(serf_bu
  *
  * Returns a non-0 value of a matching handler was found.
  */
-static int handle_auth_header(void *baton,
-                              const char *key,
-                              const char *header)
+static int handle_auth_headers(int code,
+                               void *baton,
+                               apr_hash_t *hdrs,
+                               serf_request_t *request,
+                               serf_bucket_t *response,
+                               apr_pool_t *pool)
 {
-    auth_baton_t *ab = baton;
-    int scheme_found = FALSE;
-    const char *auth_name;
-    const char *auth_attr;
-    const serf__authn_scheme_t *scheme = NULL;
-    serf_connection_t *conn = ab->request->conn;
+    const serf__authn_scheme_t *scheme;
+    serf_connection_t *conn = request->conn;
     serf_context_t *ctx = conn->ctx;
+    apr_status_t status;
 
-    /* We're only interested in xxxx-Authenticate headers. */
-    if (strcmp(key, ab->header) != 0)
-        return 0;
-
-    /* Extract the authentication scheme name, and prepare for reading
-       the attributes.  */
-    auth_attr = strchr(header, ' ');
-    if (auth_attr) {
-        auth_name = apr_pstrmemdup(ab->pool, header, auth_attr - header);
-        ++auth_attr;
-    }
-    else
-        auth_name = header;
-
-    ab->last_scheme_name = auth_name;
+    status = SERF_ERROR_AUTHN_NOT_SUPPORTED;
 
     /* Find the matching authentication handler.
        Note that we don't reuse the auth scheme stored in the context,
        as that may have changed. (ex. fallback from ntlm to basic.) */
-    for (scheme = serf_authn_schemes; scheme->code != 0; ++scheme) {
-        if (! (ab->code == scheme->code &&
-               ctx->authn_types & scheme->type))
+    for (scheme = serf_authn_schemes; scheme->name != 0; ++scheme) {
+        const char *auth_hdr;
+        serf__auth_handler_func_t handler;
+        serf__authn_info_t *authn_info;
+
+        if (! (ctx->authn_types & scheme->type))
             continue;
 
         serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
                       "Client supports: %s\n", scheme->name);
-        if (strcmp(auth_name, scheme->name) == 0) {
-            serf__auth_handler_func_t handler = scheme->handle_func;
-            apr_status_t status = 0;
-
-            serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
-                          "... matched: %s\n", scheme->name);
-            /* If this is the first time we use this scheme on this connection,
-               make sure to initialize the authentication handler first. */
-            if (ab->code == 401 && ctx->authn_info.scheme != scheme) {
-                status = scheme->init_ctx_func(ab->code, ctx, ctx->pool);
-                if (!status) {
-                    status = scheme->init_conn_func(ab->code, conn, conn->pool);
-
-                    if (!status)
-                        ctx->authn_info.scheme = scheme;
-                    else
-                        ctx->authn_info.scheme = NULL;
-                }
-            }
-            else if (ab->code == 407 && ctx->proxy_authn_info.scheme != scheme) {
-                status = scheme->init_ctx_func(ab->code, ctx, ctx->pool);
-                if (!status) {
-                    status = scheme->init_conn_func(ab->code, conn, conn->pool);
-
-                    if (!status)
-                        ctx->proxy_authn_info.scheme = scheme;
-                    else
-                        ctx->proxy_authn_info.scheme = NULL;
-                }
-            }
 
+        auth_hdr = apr_hash_get(hdrs, scheme->key, APR_HASH_KEY_STRING);
+
+        if (!auth_hdr)
+            continue;
+
+        /* Found a matching scheme */
+        status = APR_SUCCESS;
+
+        handler = scheme->handle_func;
+
+        serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
+                      "... matched: %s\n", scheme->name);
+
+        if (code == 401) {
+            authn_info = serf__get_authn_info_for_server(conn);
+        } else {
+            authn_info = &ctx->proxy_authn_info;
+        }
+        /* If this is the first time we use this scheme on this context and/or
+           this connection, make sure to initialize the authentication handler 
+           first. */
+        if (authn_info->scheme != scheme) {
+            status = scheme->init_ctx_func(code, ctx, ctx->pool);
             if (!status) {
-                scheme_found = TRUE;
-                ab->scheme = scheme;
-                status = handler(ab->code, ab->request, ab->response,
-                                 header, auth_attr, ab->baton, ctx->pool);
+                status = scheme->init_conn_func(scheme, code, conn,
+                                                conn->pool);
+                if (!status)
+                    authn_info->scheme = scheme;
+                else
+                    authn_info->scheme = NULL;
             }
+        }
 
-            /* If the authentication fails, cache the error for now. Try the
-               next available scheme. If there's none raise the error. */
-            if (status) {
-                scheme_found = FALSE;
-                scheme = NULL;
+        if (!status) {
+            const char *auth_attr = strchr(auth_hdr, ' ');
+            if (auth_attr) {
+                auth_attr++;
             }
-            /* Let the caller now if the authentication setup was succesful
-               or not. */
-            ab->status = status;
 
-            break;
+            status = handler(code, request, response,
+                             auth_hdr, auth_attr, baton, ctx->pool);
         }
+
+        if (status == APR_SUCCESS)
+            break;
+
+        /* No success authenticating with this scheme, try the next.
+           If no more authn schemes are found the status of this scheme will be
+           returned.
+        */
+        serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
+                      "%s authentication failed.\n", scheme->name);
     }
 
-    /* If a matching scheme handler was found, we can stop iterating
-       over the response headers - so return a non-0 value. */
-    return scheme_found;
+    return status;
+}
+
+/**
+ * Baton passed to the store_header_in_dict callback function
+ */
+typedef struct {
+    const char *header;
+    apr_pool_t *pool;
+    apr_hash_t *hdrs;
+} auth_baton_t;
+
+static int store_header_in_dict(void *baton,
+                                const char *key,
+                                const char *header)
+{
+    auth_baton_t *ab = baton;
+    const char *auth_attr;
+    char *auth_name, *c;
+
+    /* We're only interested in xxxx-Authenticate headers. */
+    if (strcmp(key, ab->header) != 0)
+        return 0;
+
+    /* Extract the authentication scheme name.  */
+    auth_attr = strchr(header, ' ');
+    if (auth_attr) {
+        auth_name = apr_pstrmemdup(ab->pool, header, auth_attr - header);
+    }
+    else
+        auth_name = apr_pstrmemdup(ab->pool, header, strlen(header));
+
+    /* Convert scheme name to lower case to enable case insensitive matching. */
+    for (c = auth_name; *c != '\0'; c++)
+        *c = (char)apr_tolower(*c);
+
+    apr_hash_set(ab->hdrs, auth_name, APR_HASH_KEY_STRING,
+                 apr_pstrdup(ab->pool, header));
+
+    return 0;
 }
 
 /* Dispatch authentication handling. This function matches the possible
@@ -252,11 +257,7 @@ static apr_status_t dispatch_auth(int co
         auth_baton_t ab = { 0 };
         const char *auth_hdr;
 
-        ab.code = code;
-        ab.status = APR_SUCCESS;
-        ab.request = request;
-        ab.response = response;
-        ab.baton = baton;
+        ab.hdrs = apr_hash_make(pool);
         ab.pool = pool;
 
         /* Before iterating over all authn headers, check if there are any. */
@@ -275,8 +276,8 @@ static apr_status_t dispatch_auth(int co
                       "%s authz required. Response header(s): %s\n",
                       code == 401 ? "Server" : "Proxy", auth_hdr);
 
-        /* Iterate over all headers. Try to find a matching authentication scheme
-           handler.
+
+        /* Store all WWW- or Proxy-Authenticate headers in a dictionary.
 
            Note: it is possible to have multiple Authentication: headers. We do
            not want to combine them (per normal header combination rules) as that
@@ -285,15 +286,13 @@ static apr_status_t dispatch_auth(int co
            work with.
         */
         serf_bucket_headers_do(hdrs,
-                               handle_auth_header,
+                               store_header_in_dict,
                                &ab);
-        if (ab.status != APR_SUCCESS)
-            return ab.status;
 
-        if (!ab.scheme || ab.scheme->name == NULL) {
-            /* No matching authentication found. */
-            return SERF_ERROR_AUTHN_NOT_SUPPORTED;
-        }
+        /* Iterate over all authentication schemes, in order of decreasing
+           security. Try to find a authentication schema the server support. */
+        return handle_auth_headers(code, baton, ab.hdrs,
+                                   request, response, pool);
     }
 
     return APR_SUCCESS;
@@ -356,28 +355,41 @@ apr_status_t serf__handle_auth_response(
 
         /* Requeue the request with the necessary auth headers. */
         /* ### Application doesn't know about this request! */
-        serf_connection_priority_request_create(request->conn,
-                                                request->setup,
-                                                request->setup_baton);
+        if (request->ssltunnel) {
+            serf__ssltunnel_request_create(request->conn,
+                                           request->setup,
+                                           request->setup_baton);
+        } else {
+            serf_connection_priority_request_create(request->conn,
+                                                    request->setup,
+                                                    request->setup_baton);
+        }
 
         return APR_EOF;
     } else {
-        /* Validate the response authn headers if needed. */
         serf__validate_response_func_t validate_resp;
         serf_connection_t *conn = request->conn;
         serf_context_t *ctx = conn->ctx;
+        serf__authn_info_t *authn_info;
         apr_status_t resp_status = APR_SUCCESS;
-        
-        if (ctx->authn_info.scheme) {
-            validate_resp = ctx->authn_info.scheme->validate_response_func;
+
+
+        /* Validate the response server authn headers. */
+        authn_info = serf__get_authn_info_for_server(conn);
+        if (authn_info->scheme) {
+            validate_resp = authn_info->scheme->validate_response_func;
             resp_status = validate_resp(HOST, sl.code, conn, request, response,
                                         pool);
         }
-        if (!resp_status && ctx->proxy_authn_info.scheme) {
-            validate_resp = ctx->proxy_authn_info.scheme->validate_response_func;
+
+        /* Validate the response proxy authn headers. */
+        authn_info = &ctx->proxy_authn_info;
+        if (!resp_status && authn_info->scheme) {
+            validate_resp = authn_info->scheme->validate_response_func;
             resp_status = validate_resp(PROXY, sl.code, conn, request, response,
                                         pool);
         }
+
         if (resp_status) {
             /* If there was an error in the final step of the authentication,
                consider the reponse body as invalid and discard it. */
@@ -419,3 +431,42 @@ void serf__encode_auth_header(const char
 
     apr_base64_encode(ptr, data, data_len);
 }
+
+const char *serf__construct_realm(peer_t peer,

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308021921.r72JLlLp072113>