Use GSS.framework on Mac OS X

On Mac OS X, Apple wants us to use the GSS.framework to compile against GSSAPI, instead of <gssapi/gssapi.h>. With this change we can choose headers to link against at compile time, without changing our source and header files.
pythongssapi · Jan 28, 2015 · d3b83e8 · d3b83e8 · c4milo · Dec 28, 2017
1 parent 416d20c
commit d3b83e8
Show file tree

Hide file tree

Showing 19 changed files with 59 additions and 39 deletions.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -2,3 +2,4 @@ include *.txt
 recursive-include docs *.txt
 recursive-include gssapi *.pxd
 recursive-include gssapi *.c
+recursive-include gssapi *.h
diff --git a/gssapi/raw/creds.pyx b/gssapi/raw/creds.pyx
@@ -13,7 +13,7 @@ from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
 from gssapi.raw.named_tuples import InquireCredResult, InquireCredByMechResult
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     OM_uint32 gss_acquire_cred(OM_uint32 *min_stat,
                                const gss_name_t name,
                                OM_uint32 ttl,

diff --git a/gssapi/raw/cython_types.pxd b/gssapi/raw/cython_types.pxd
@@ -1,7 +1,7 @@
 from libc.stdint cimport uint32_t
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     # basic types
     ctypedef uint32_t OM_uint32
 

diff --git a/gssapi/raw/exceptions.pyx b/gssapi/raw/exceptions.pyx
@@ -5,7 +5,7 @@ from gssapi.raw.misc import GSSError
 """Specific exceptions for GSSAPI errors"""
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     # calling errors
     OM_uint32 GSS_S_CALL_INACCESSIBLE_READ
     OM_uint32 GSS_S_CALL_INACCESSIBLE_WRITE

diff --git a/gssapi/raw/ext_cred_imp_exp.pyx b/gssapi/raw/ext_cred_imp_exp.pyx
@@ -12,7 +12,7 @@ from gssapi.raw.misc import GSSError
 from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
 
 
-cdef extern from "gssapi/gssapi_ext.h":
+cdef extern from "python_gssapi_ext.h":
     OM_uint32 gss_export_cred(OM_uint32 *min_stat, gss_cred_id_t cred_handle,
                               gss_buffer_t token) nogil
 

diff --git a/gssapi/raw/ext_cred_store.pyx b/gssapi/raw/ext_cred_store.pyx
@@ -18,7 +18,7 @@ from gssapi.raw.named_tuples import StoreCredResult
 from gssapi.raw.misc import GSSError
 
 
-cdef extern from "gssapi/gssapi_ext.h":
+cdef extern from "python_gssapi_ext.h":
     ctypedef struct gss_key_value_element_desc:
         const char *key
         const char *value

diff --git a/gssapi/raw/ext_password.pyx b/gssapi/raw/ext_password.pyx
@@ -15,7 +15,7 @@ from gssapi.raw.names cimport Name
 from gssapi.raw.misc import GSSError
 from gssapi.raw.named_tuples import AcquireCredResult
 
-cdef extern from "gssapi/gssapi_ext.h":
+cdef extern from "python_gssapi_ext.h":
     OM_uint32 gss_acquire_cred_with_password(OM_uint32 *min_stat,
                                              const gss_name_t desired_name,
                                              const gss_buffer_t password,

diff --git a/gssapi/raw/ext_password_add.pyx b/gssapi/raw/ext_password_add.pyx
@@ -16,7 +16,7 @@ from gssapi.raw.oids cimport OID
 from gssapi.raw.misc import GSSError
 from gssapi.raw.named_tuples import AddCredResult
 
-cdef extern from "gssapi/gssapi_ext.h":
+cdef extern from "python_gssapi_ext.h":
     OM_uint32 gss_add_cred_with_password(OM_uint32 *min_stat,
                                          const gss_cred_id_t input_cred_handle,
                                          const gss_name_t desired_name,

diff --git a/gssapi/raw/ext_rfc5588.pyx b/gssapi/raw/ext_rfc5588.pyx
@@ -11,7 +11,7 @@ from gssapi.raw.cython_converters cimport c_c_ttl_to_py, c_py_ttl_to_c
 from gssapi.raw.named_tuples import StoreCredResult
 from gssapi.raw.misc import GSSError
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     OM_uint32 gss_store_cred(OM_uint32 *min_stat,
                              gss_cred_id_t input_creds,
                              gss_cred_usage_t cred_usage,

diff --git a/gssapi/raw/ext_s4u.pyx b/gssapi/raw/ext_s4u.pyx
@@ -12,7 +12,7 @@ from gssapi.raw.misc import GSSError
 from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
 
 
-cdef extern from "gssapi/gssapi_ext.h":
+cdef extern from "python_gssapi_ext.h":
     OM_uint32 gss_acquire_cred_impersonate_name(OM_uint32 *min_stat,
                                                 const gss_cred_id_t imp_creds,
                                                 const gss_name_t name,

diff --git a/gssapi/raw/mech_krb5.pyx b/gssapi/raw/mech_krb5.pyx
@@ -13,7 +13,7 @@ and MechType.
 """
 
 
-cdef extern from "gssapi/gssapi_krb5.h":
+cdef extern from "python_gssapi_krb5.h":
     gss_OID gss_mech_krb5
     gss_OID GSS_KRB5_NT_PRINCIPAL_NAME
 

diff --git a/gssapi/raw/message.pyx b/gssapi/raw/message.pyx
@@ -7,7 +7,7 @@ from gssapi.raw.misc import GSSError
 from gssapi.raw.named_tuples import VerifyMICResult, WrapResult, UnwrapResult
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     OM_uint32 gss_get_mic(OM_uint32 *min_stat,
                           const gss_ctx_id_t context,
                           gss_qop_t qop,

diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx
@@ -12,7 +12,7 @@ from gssapi.raw.oids cimport OID
 from gssapi.raw.types import MechType
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     OM_uint32 gss_display_status(OM_uint32 *minor_status,
                                  OM_uint32 status_value,
                                  int status_type,

diff --git a/gssapi/raw/names.pyx b/gssapi/raw/names.pyx
@@ -7,7 +7,7 @@ from gssapi.raw.misc import GSSError
 from gssapi.raw.named_tuples import DisplayNameResult
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     OM_uint32 gss_import_name(OM_uint32 *min_stat,
                               const gss_buffer_t input_buffer,
                               const gss_OID name_type,

diff --git a/gssapi/raw/python_gssapi.h b/gssapi/raw/python_gssapi.h
@@ -0,0 +1,5 @@
+#ifdef OSX_HAS_GSS_FRAMEWORK
+#include <GSS/GSS.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
diff --git a/gssapi/raw/python_gssapi_ext.h b/gssapi/raw/python_gssapi_ext.h
@@ -0,0 +1,9 @@
+#ifdef OSX_HAS_GSS_FRAMEWORK
+#include <GSS/GSS.h>
+#else
+#ifdef HAS_GSSAPI_EXT_H
+#include <gssapi/gssapi_ext.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+#endif
diff --git a/gssapi/raw/python_gssapi_krb5.h b/gssapi/raw/python_gssapi_krb5.h
@@ -0,0 +1,5 @@
+#ifdef OSX_HAS_GSS_FRAMEWORK
+#include <GSS/gssapi_krb5.h>
+#else
+#include <gssapi/gssapi_krb5.h>
+#endif
diff --git a/gssapi/raw/sec_contexts.pyx b/gssapi/raw/sec_contexts.pyx
@@ -16,7 +16,7 @@ from gssapi.raw.named_tuples import InitSecContextResult
 from gssapi.raw.named_tuples import InquireContextResult
 
 
-cdef extern from "gssapi.h":
+cdef extern from "python_gssapi.h":
     OM_uint32 gss_init_sec_context(OM_uint32 *min_stat,
                                    const gss_cred_id_t initiator_creds,
                                    gss_ctx_id_t *context,

diff --git a/setup.py b/setup.py
@@ -5,6 +5,7 @@
 from setuptools.command.build_ext import build_ext
 from setuptools.command.sdist import sdist
 from setuptools.extension import Extension
+import platform
 import re
 import sys
 import os
@@ -21,7 +22,7 @@
         print("Building from Cython files...", file=sys.stderr)
         SOURCE_EXT = 'pyx'
     except ImportError:
-        print("Cython not found, building from Cython files...",
+        print("Cython not found, building from C files...",
               file=sys.stderr)
         SOURCE_EXT = 'c'
 
@@ -43,12 +44,22 @@ def _get_output(*args, **kwargs):
 # get the compile and link args
 link_args = os.environ.get('GSSAPI_LINKER_ARGS', None)
 compile_args = os.environ.get('GSSAPI_COMPILER_ARGS', None)
+osx_has_gss_framework = False
+if sys.platform == 'darwin':
+    mac_ver = [int(v) for v in platform.mac_ver()[0].split('.')]
+    osx_has_gss_framework = (mac_ver >= [10, 7, 0])
 
 if link_args is None:
-    link_args = get_output('krb5-config --libs gssapi')
+    if osx_has_gss_framework:
+        link_args = '-framework GSS'
+    else:
+        link_args = get_output('krb5-config --libs gssapi')
 
 if compile_args is None:
-    compile_args = get_output('krb5-config --cflags gssapi')
+    if osx_has_gss_framework:
+        compile_args = '-framework GSS -DOSX_HAS_GSS_FRAMEWORK'
+    else:
+        compile_args = get_output('krb5-config --cflags gssapi')
 
 link_args = link_args.split()
 compile_args = compile_args.split()
@@ -57,42 +68,31 @@ def _get_output(*args, **kwargs):
     (os.environ.get('GSSAPI_SUPPORT_DETECT', 'true').lower() == 'true')
 
 if ENABLE_SUPPORT_DETECTION:
+    import ctypes.util
+
     main_lib = os.environ.get('GSSAPI_MAIN_LIB', None)
-    if main_lib is None:
+    if main_lib is None and osx_has_gss_framework:
+        main_lib = ctypes.util.find_library('GSS')
+    elif main_lib is None:
         for opt in link_args:
             if opt.startswith('-lgssapi'):
                 main_lib = 'lib%s.so' % opt[2:]
 
     if main_lib is None:
-        raise Exception("Could not find main GSSAPI shared libary.  Please "
+        raise Exception("Could not find main GSSAPI shared library.  Please "
                         "try setting GSSAPI_MAIN_LIB yourself or setting "
                         "ENABLE_SUPPORT_DETECTION to 'false'")
 
-    import ctypes
     GSSAPI_LIB = ctypes.CDLL(main_lib)
 
 
 class build_gssapi_ext(build_ext):
     def run(self):
-        if not self.dry_run:
-            # optionally fake gssapi_ext.h using gssapi.h
-            prefix = get_output('krb5-config gssapi --prefix')
-            gssapi_ext_h = os.path.join(prefix, 'include/gssapi/gssapi_ext.h')
-
-            if not os.path.exists(gssapi_ext_h):
-                target_dir = os.path.join(self.build_temp, 'c_include')
-                gssapi_dir = os.path.join(target_dir, 'gssapi')
-                if not os.path.exists(gssapi_dir):
-                    os.makedirs(gssapi_dir)
-
-                target_file = os.path.join(target_dir, 'gssapi/gssapi_ext.h')
-                if not os.path.exists(target_file):
-                    with open(target_file, 'w') as header:
-                        header.write('#include "gssapi.h"')
-
-                for ext in self.extensions:
-                    ext.extra_compile_args.append("-I%s" %
-                                                  os.path.abspath(target_dir))
+        prefix = get_output('krb5-config gssapi --prefix')
+        gssapi_ext_h = os.path.join(prefix, 'include/gssapi/gssapi_ext.h')
+        if os.path.exists(gssapi_ext_h):
+            for ext in self.extensions:
+                ext.extra_compile_args.append("-DHAS_GSSAPI_EXT_H")
 
         build_ext.run(self)