1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
AC_PREREQ([2.68])
AC_INIT(rlm_krb5.c)
AC_REVISION($Revision$)
FR_INIT_MODULE([rlm_krb5], [Kerberos support])
if test x$with_[]modname != xno; then
AC_PROG_CC
AC_PROG_CPP
dnl extra argument: --with-rlm-krb5-dir
rlm_krb5_dir=
AC_ARG_WITH(rlm-krb5-dir,
[ --with-rlm-krb5-dir=DIR Directory for krb5 files []],
[ case "$withval" in
no)
AC_MSG_ERROR(Need rlm-krb5-dir)
;;
yes)
;;
*)
rlm_krb5_dir="$withval"
;;
esac ]
)
AC_PATH_PROG(krb5_config, krb5-config, not-found, [${rlm_krb5_dir}/bin:${PATH}:/usr/bin:/usr/local/bin])
dnl #
dnl # If we can find krb5-config we can get the version of the library and determine
dnl # whether it's safe to enable threading.
dnl #
if test "$krb5_config" != 'not-found'; then
AC_MSG_CHECKING([krb5-config CFLAGS])
SMART_CPPFLAGS=$($krb5_config --cflags)
SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')]
AC_MSG_RESULT("$SMART_CPPFLAGS")
AC_MSG_CHECKING([krb5-config LDFLAGS])
SMART_LIBS=$($krb5_config --libs)
AC_MSG_RESULT(${SMART_LIBS})
AC_MSG_CHECKING([krb5-config reported version])
krb5_version_raw=$($krb5_config --version)
dnl # AWK originally from from https://github.com/hpc/lustre
krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
awk '{split($(4),v,"."); if (v@<:@"3"@:>@ = "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }')
AC_MSG_RESULT([${krb5_version_raw} ($krb5_version)])
AC_MSG_CHECKING([krb5-config reported vendor])
krb5_vendor=$($krb5_config --vendor)
AC_MSG_RESULT([${krb5_vendor}])
AC_MSG_CHECKING([canonical API type])
if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 || \
echo "$krb5_version_raw" | grep -i 'MIT' > /dev/null 2>&1 ; then
AC_MSG_RESULT([MIT])
krb5_api_type='mit'
else
AC_MSG_RESULT([HEIMDAL])
krb5_api_type='heimdal'
fi
else
smart_try_dir="$rlm_krb5_dir/include"
FR_SMART_CHECK_INCLUDE(krb5.h)
if test "$ac_cv_header_krb5_h" != "yes"; then
fail="$fail krb5.h"
fi
krb5libcrypto=
smart_try_dir="$rlm_krb5_dir/lib"
FR_SMART_CHECK_LIB(k5crypto, krb5_encrypt_data)
if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
krb5libcrypto="-lk5crypto"
fi
if test "x$krb5libcrypto" = x; then
FR_SMART_CHECK_LIB(crypto, DH_new)
if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
krb5libcrypto="-lcrypto"
fi
fi
if test "x$krb5libcrypto" = x; then
AC_MSG_WARN([neither krb5 'k5crypto' nor 'crypto' libraries are found!])
fi
FR_SMART_CHECK_LIB(com_err, set_com_err_hook)
if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
AC_MSG_WARN([the comm_err library isn't found!])
fi
dnl #
dnl # Only the heimdal version of the library has this function
dnl #
FR_SMART_CHECK_LIB(krb5, krb5_verify_user_opt)
if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then
krb5_api_type='heimdal'
else
krb5_api_type='mit'
FR_SMART_CHECK_LIB(krb5, krb5_get_init_creds_password)
if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
fail="$fail krb5"
fi
fi
fi
dnl #
dnl # Need to ensure the test program(s) link against the right library
dnl #
LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
dnl #
dnl # Check how to free things returned by krb5_get_error_message
dnl #
AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message])
if test "x$ac_cv_func_krb5_get_error_message" = xyes; then
krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE"
fi
if test "x$ac_cv_func_krb5_free_error_message" = xyes; then
krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE"
fi
if test "x$ac_cv_func_krb5_free_error_string" = xyes; then
krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_STRING"
fi
dnl #
dnl # Only check if version checks have not found kerberos to be thread unsafe
dnl #
if test "$krb5threadsafe" != "no"; then
krb5threadsafe=
FR_SMART_CHECK_LIB(krb5, krb5_is_thread_safe)
if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" = xyes; then
AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[return krb5_is_thread_safe() ? 0 : 1]])],
[krb5threadsafe="-DKRB5_IS_THREAD_SAFE"], [AC_MSG_WARN([[libkrb5 is not threadsafe]])])
fi
else
krb5threadsafe=""
fi
if test "$krb5_api_type" = "mit"; then
dnl #
dnl # This lives in different places depending on the distro
dnl #
FR_SMART_CHECK_INCLUDE([com_err.h])
if test "$ac_cv_header_com_err_h" != "yes"; then
FR_SMART_CHECK_INCLUDE([et/com_err.h])
if test "$ac_cv_header_et_com_err_h" != "yes"; then
fail="$fail com_err.h"
else
krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
fi
fi
else
krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
fi
targetname=modname
else
targetname=
echo \*\*\* module modname is disabled.
fi
if test x"$fail" != x""; then
if test x"${enable_strict_dependencies}" = x"yes"; then
AC_MSG_ERROR([set --without-]modname[ to disable it explicitly.])
else
AC_MSG_WARN([silently not building ]modname[.])
AC_MSG_WARN([FAILURE: ]modname[ requires: $fail.]);
targetname=""
fi
fi
mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
AC_SUBST(mod_ldflags)
AC_SUBST(mod_cflags)
AC_SUBST(targetname)
AC_OUTPUT(all.mk)
|
