diff options
Diffstat (limited to 'src/modules/rlm_krb5/configure.ac')
-rw-r--r-- | src/modules/rlm_krb5/configure.ac | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/src/modules/rlm_krb5/configure.ac b/src/modules/rlm_krb5/configure.ac new file mode 100644 index 0000000..2f718bb --- /dev/null +++ b/src/modules/rlm_krb5/configure.ac @@ -0,0 +1,184 @@ +AC_PREREQ([2.68]) +AC_INIT(rlm_krb5.c) +AC_REVISION($Revision$) +FR_INIT_MODULE([rlm_krb5], [Kerberos support]) + +if test x$with_[]modname != xno; then + + AC_PROG_CC + AC_PROG_CPP + + dnl extra argument: --with-rlm-krb5-dir + rlm_krb5_dir= + AC_ARG_WITH(rlm-krb5-dir, + [ --with-rlm-krb5-dir=DIR Directory for krb5 files []], + [ case "$withval" in + no) + AC_MSG_ERROR(Need rlm-krb5-dir) + ;; + yes) + ;; + *) + rlm_krb5_dir="$withval" + ;; + esac ] + ) + + AC_PATH_PROG(krb5_config, krb5-config, not-found, [${rlm_krb5_dir}/bin:${PATH}:/usr/bin:/usr/local/bin]) + dnl # + dnl # If we can find krb5-config we can get the version of the library and determine + dnl # whether it's safe to enable threading. + dnl # + if test "$krb5_config" != 'not-found'; then + AC_MSG_CHECKING([krb5-config CFLAGS]) + SMART_CPPFLAGS=$($krb5_config --cflags) + SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')] + AC_MSG_RESULT("$SMART_CPPFLAGS") + + AC_MSG_CHECKING([krb5-config LDFLAGS]) + SMART_LIBS=$($krb5_config --libs) + AC_MSG_RESULT(${SMART_LIBS}) + + AC_MSG_CHECKING([krb5-config reported version]) + krb5_version_raw=$($krb5_config --version) + + dnl # AWK originally from from https://github.com/hpc/lustre + krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \ + awk '{split($(4),v,"."); if (v@<:@"3"@:>@ = "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }') + AC_MSG_RESULT([${krb5_version_raw} ($krb5_version)]) + + AC_MSG_CHECKING([krb5-config reported vendor]) + krb5_vendor=$($krb5_config --vendor) + AC_MSG_RESULT([${krb5_vendor}]) + + AC_MSG_CHECKING([canonical API type]) + if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \ + echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 || \ + echo "$krb5_version_raw" | grep -i 'MIT' > /dev/null 2>&1 ; then + AC_MSG_RESULT([MIT]) + krb5_api_type='mit' + else + AC_MSG_RESULT([HEIMDAL]) + krb5_api_type='heimdal' + fi + else + smart_try_dir="$rlm_krb5_dir/include" + FR_SMART_CHECK_INCLUDE(krb5.h) + if test "$ac_cv_header_krb5_h" != "yes"; then + fail="$fail krb5.h" + fi + + krb5libcrypto= + smart_try_dir="$rlm_krb5_dir/lib" + FR_SMART_CHECK_LIB(k5crypto, krb5_encrypt_data) + if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then + krb5libcrypto="-lk5crypto" + fi + + if test "x$krb5libcrypto" = x; then + FR_SMART_CHECK_LIB(crypto, DH_new) + if test "x$ac_cv_lib_crypto_DH_new" = xyes; then + krb5libcrypto="-lcrypto" + fi + fi + + if test "x$krb5libcrypto" = x; then + AC_MSG_WARN([neither krb5 'k5crypto' nor 'crypto' libraries are found!]) + fi + + FR_SMART_CHECK_LIB(com_err, set_com_err_hook) + if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then + AC_MSG_WARN([the comm_err library isn't found!]) + fi + + dnl # + dnl # Only the heimdal version of the library has this function + dnl # + FR_SMART_CHECK_LIB(krb5, krb5_verify_user_opt) + if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then + krb5_api_type='heimdal' + else + krb5_api_type='mit' + + FR_SMART_CHECK_LIB(krb5, krb5_get_init_creds_password) + if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then + fail="$fail krb5" + fi + fi + + fi + + dnl # + dnl # Need to ensure the test program(s) link against the right library + dnl # + LDFLAGS="${LDFLAGS} ${SMART_LIBS}" + CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" + + dnl # + dnl # Check how to free things returned by krb5_get_error_message + dnl # + AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message]) + if test "x$ac_cv_func_krb5_get_error_message" = xyes; then + krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE" + fi + if test "x$ac_cv_func_krb5_free_error_message" = xyes; then + krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE" + fi + if test "x$ac_cv_func_krb5_free_error_string" = xyes; then + krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_STRING" + fi + + dnl # + dnl # Only check if version checks have not found kerberos to be thread unsafe + dnl # + if test "$krb5threadsafe" != "no"; then + krb5threadsafe= + + FR_SMART_CHECK_LIB(krb5, krb5_is_thread_safe) + if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then + AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[return krb5_is_thread_safe() ? 0 : 1]])], + [krb5threadsafe="-DKRB5_IS_THREAD_SAFE"], [AC_MSG_WARN([[libkrb5 is not threadsafe]])]) + fi + else + krb5threadsafe="" + fi + + if test "$krb5_api_type" = "mit"; then + dnl # + dnl # This lives in different places depending on the distro + dnl # + FR_SMART_CHECK_INCLUDE([com_err.h]) + if test "$ac_cv_header_com_err_h" != "yes"; then + FR_SMART_CHECK_INCLUDE([et/com_err.h]) + if test "$ac_cv_header_et_com_err_h" != "yes"; then + fail="$fail com_err.h" + else + krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR " + fi + fi + else + krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5" + fi + targetname=modname +else + targetname= + echo \*\*\* module modname is disabled. +fi + +if test x"$fail" != x""; then + if test x"${enable_strict_dependencies}" = x"yes"; then + AC_MSG_ERROR([set --without-]modname[ to disable it explicitly.]) + else + AC_MSG_WARN([silently not building ]modname[.]) + AC_MSG_WARN([FAILURE: ]modname[ requires: $fail.]); + targetname="" + fi +fi + +mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" +mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" + +AC_SUBST(mod_ldflags) +AC_SUBST(mod_cflags) +AC_SUBST(targetname) +AC_OUTPUT(all.mk) |