]>
Commit | Line | Data |
---|---|---|
77b1029d | 1 | ## Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
5d2e6f19 AJ |
2 | ## |
3 | ## Squid software is distributed under GPLv2+ license and includes | |
4 | ## contributions from numerous individuals and organizations. | |
5 | ## Please see the COPYING and CONTRIBUTORS files for details. | |
6 | ## | |
c8093f05 FC |
7 | |
8 | dnl these checks must be performed in the same order as here defined, | |
a6093a2d | 9 | dnl and have mostly been lifted out of an inlined configure.ac. |
c8093f05 FC |
10 | |
11 | dnl checks for a broken solaris header file, and sets squid_cv_broken_krb5_h | |
12 | dnl to yes if that's the case | |
13 | AC_DEFUN([SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H], [ | |
14 | AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [ | |
15 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | |
16 | #include <krb5.h> | |
17 | int i; | |
18 | ]])], [ squid_cv_broken_krb5_h=no ], [ | |
19 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | |
20 | #if defined(__cplusplus) | |
21 | #define KRB5INT_BEGIN_DECLS extern "C" { | |
22 | #define KRB5INT_END_DECLS | |
23 | KRB5INT_BEGIN_DECLS | |
24 | #endif | |
25 | #include <krb5.h> | |
26 | int i; | |
27 | ]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ]) | |
28 | ]) | |
29 | ]) | |
f2d9a578 | 30 | ]) dnl SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H |
c8093f05 FC |
31 | |
32 | ||
ffe4ffd8 AJ |
33 | AC_DEFUN([SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H], [ |
34 | AC_CACHE_CHECK([for broken Heimdal krb5.h],squid_cv_broken_heimdal_krb5_h, [ | |
35 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ | |
36 | #include <krb5.h> | |
37 | int | |
38 | main(void) | |
39 | { | |
40 | krb5_context context; | |
41 | ||
42 | krb5_init_context(&context); | |
43 | ||
44 | return 0; | |
45 | } | |
46 | ]])], [ squid_cv_broken_heimdal_krb5_h=no ], [ | |
47 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ | |
48 | #if defined(__cplusplus) | |
49 | extern "C" { | |
50 | #endif | |
51 | #include <krb5.h> | |
52 | #if defined(__cplusplus) | |
53 | } | |
54 | #endif | |
55 | int | |
56 | main(void) | |
57 | { | |
58 | krb5_context context; | |
59 | ||
60 | krb5_init_context(&context); | |
61 | ||
62 | return 0; | |
63 | } | |
64 | ]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ]) | |
65 | ]) | |
66 | ]) | |
67 | ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H | |
68 | ||
c8093f05 FC |
69 | dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context |
70 | AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[ | |
71 | AC_CACHE_CHECK([for max_skew in struct krb5_context], | |
72 | squid_cv_max_skew_context, [ | |
73 | AC_COMPILE_IFELSE([ | |
74 | AC_LANG_PROGRAM([[ | |
75 | #if HAVE_BROKEN_SOLARIS_KRB5_H | |
76 | #if defined(__cplusplus) | |
77 | #define KRB5INT_BEGIN_DECLS extern "C" { | |
78 | #define KRB5INT_END_DECLS | |
79 | KRB5INT_BEGIN_DECLS | |
80 | #endif | |
81 | #endif | |
75f3c557 MM |
82 | #if USE_APPLE_KRB5 |
83 | #define KERBEROS_APPLE_DEPRECATED(x) | |
84 | #endif | |
c8093f05 FC |
85 | #include <krb5.h> |
86 | krb5_context kc; kc->max_skew = 1; | |
87 | ]]) | |
88 | ],[ squid_cv_max_skew_context=yes ], | |
89 | [ squid_cv_max_skew_context=no ]) | |
90 | ]) | |
91 | ]) | |
92 | ||
93 | dnl check whether the kerberos context has a memory cache. Sets | |
94 | dnl squid_cv_memory_cache if that's the case. | |
95 | AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[ | |
96 | AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [ | |
97 | AC_RUN_IFELSE([ | |
98 | AC_LANG_SOURCE([[ | |
99 | #if HAVE_BROKEN_SOLARIS_KRB5_H | |
100 | #if defined(__cplusplus) | |
101 | #define KRB5INT_BEGIN_DECLS extern "C" { | |
102 | #define KRB5INT_END_DECLS | |
103 | KRB5INT_BEGIN_DECLS | |
104 | #endif | |
105 | #endif | |
75f3c557 MM |
106 | #if USE_APPLE_KRB5 |
107 | #define KERBEROS_APPLE_DEPRECATED(x) | |
108 | #endif | |
c8093f05 | 109 | #include <krb5.h> |
d8b258a9 | 110 | int main(int argc, char *argv[]) |
c8093f05 FC |
111 | { |
112 | krb5_context context; | |
113 | krb5_ccache cc; | |
114 | ||
115 | krb5_init_context(&context); | |
116 | return krb5_cc_resolve(context, "MEMORY:test_cache", &cc); | |
117 | } | |
118 | ]]) | |
aff0e8fe | 119 | ], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ], [:]) |
c8093f05 FC |
120 | ]) |
121 | ]) | |
122 | ||
685277d8 MM |
123 | dnl check whether the kerberos context has a memory keytab. Sets |
124 | dnl squid_cv_memory_keytab if that's the case. | |
125 | AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB],[ | |
126 | AC_CACHE_CHECK([for memory keytab], squid_cv_memory_keytab, [ | |
127 | AC_RUN_IFELSE([ | |
128 | AC_LANG_SOURCE([[ | |
129 | #if HAVE_BROKEN_SOLARIS_KRB5_H | |
130 | #if defined(__cplusplus) | |
131 | #define KRB5INT_BEGIN_DECLS extern "C" { | |
132 | #define KRB5INT_END_DECLS | |
133 | KRB5INT_BEGIN_DECLS | |
134 | #endif | |
135 | #endif | |
75f3c557 MM |
136 | #if USE_APPLE_KRB5 |
137 | #define KERBEROS_APPLE_DEPRECATED(x) | |
138 | #endif | |
685277d8 MM |
139 | #include <krb5.h> |
140 | int main(int argc, char *argv[]) | |
141 | { | |
142 | krb5_context context; | |
143 | krb5_keytab kt; | |
144 | ||
145 | krb5_init_context(&context); | |
146 | return krb5_kt_resolve(context, "MEMORY:test_keytab", &kt); | |
147 | } | |
148 | ]]) | |
149 | ], [ squid_cv_memory_keytab=yes ], [ squid_cv_memory_keytab=no ], [:]) | |
150 | ]) | |
151 | ]) | |
152 | ||
c8093f05 FC |
153 | |
154 | dnl checks that gssapi is ok, and sets squid_cv_working_gssapi accordingly | |
155 | AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [ | |
1a5ffec6 FC |
156 | AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [ |
157 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ | |
1a22a39e MM |
158 | #if USE_HEIMDAL_KRB5 |
159 | #if HAVE_GSSAPI_GSSAPI_H | |
c8093f05 | 160 | #include <gssapi/gssapi.h> |
1a22a39e | 161 | #elif HAVE_GSSAPI_H |
c8093f05 FC |
162 | #include <gssapi.h> |
163 | #endif | |
1a22a39e MM |
164 | #elif USE_GNUGSS |
165 | #if HAVE_GSS_H | |
166 | #include <gss.h> | |
167 | #endif | |
b1218840 | 168 | #else |
75f3c557 MM |
169 | #if USE_APPLE_KRB5 |
170 | #define GSSKRB_APPLE_DEPRECATED(x) | |
171 | #endif | |
1a22a39e | 172 | #if HAVE_GSSAPI_GSSAPI_H |
b1218840 | 173 | #include <gssapi/gssapi.h> |
1a22a39e | 174 | #elif HAVE_GSSAPI_H |
b1218840 | 175 | #include <gssapi.h> |
c8093f05 | 176 | #endif |
1a22a39e | 177 | #if HAVE_GSSAPI_GSSAPI_KRB5_H |
c8093f05 FC |
178 | #include <gssapi/gssapi_krb5.h> |
179 | #endif | |
1a22a39e | 180 | #if HAVE_GSSAPI_GSSAPI_GENERIC_H |
c8093f05 FC |
181 | #include <gssapi/gssapi_generic.h> |
182 | #endif | |
b1218840 | 183 | #endif |
c8093f05 FC |
184 | int |
185 | main(void) | |
186 | { | |
187 | OM_uint32 val; | |
188 | gss_OID_set set; | |
189 | ||
190 | gss_create_empty_oid_set(&val, &set); | |
191 | ||
192 | return 0; | |
193 | } | |
aff0e8fe | 194 | ]])], [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ], [:])]) |
1a22a39e MM |
195 | if test "x$squid_cv_working_gssapi" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0; then |
196 | AC_MSG_NOTICE([Check Runtime library path !]) | |
197 | fi | |
c8093f05 FC |
198 | ]) |
199 | ||
c8093f05 FC |
200 | dnl check for a working spnego, and set squid_cv_have_spnego |
201 | AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [ | |
1a5ffec6 FC |
202 | AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [ |
203 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ | |
1a22a39e MM |
204 | #if USE_HEIMDAL_KRB5 |
205 | #if HAVE_GSSAPI_GSSAPI_H | |
c8093f05 | 206 | #include <gssapi/gssapi.h> |
1a22a39e | 207 | #elif HAVE_GSSAPI_H |
c8093f05 FC |
208 | #include <gssapi.h> |
209 | #endif | |
1a22a39e MM |
210 | #elif USE_GNUGSS |
211 | #if HAVE_GSS_H | |
212 | #include <gss.h> | |
213 | #endif | |
c8093f05 | 214 | #else |
75f3c557 MM |
215 | #if USE_APPLE_KRB5 |
216 | #define GSSKRB_APPLE_DEPRECATED(x) | |
217 | #endif | |
1a22a39e | 218 | #if HAVE_GSSAPI_GSSAPI_H |
c8093f05 | 219 | #include <gssapi/gssapi.h> |
1a22a39e | 220 | #elif HAVE_GSSAPI_H |
c8093f05 FC |
221 | #include <gssapi.h> |
222 | #endif | |
1a22a39e | 223 | #if HAVE_GSSAPI_GSSAPI_KRB5_H |
c8093f05 FC |
224 | #include <gssapi/gssapi_krb5.h> |
225 | #endif | |
1a22a39e | 226 | #if HAVE_GSSAPI_GSSAPI_GENERIC_H |
c8093f05 FC |
227 | #include <gssapi/gssapi_generic.h> |
228 | #endif | |
229 | #endif | |
230 | #include <string.h> | |
231 | int main(int argc, char *argv[]) { | |
232 | OM_uint32 major_status,minor_status; | |
233 | gss_OID_set gss_mech_set; | |
234 | int i; | |
235 | ||
236 | static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; | |
237 | gss_OID gss_mech_spnego = &_gss_mech_spnego; | |
238 | ||
239 | major_status = gss_indicate_mechs( &minor_status, &gss_mech_set); | |
240 | ||
241 | for (i=0;i<gss_mech_set->count;i++) { | |
242 | if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) { | |
243 | return 0; | |
244 | } | |
245 | } | |
246 | ||
247 | return 1; | |
248 | } | |
1a5ffec6 | 249 | ]])], |
aff0e8fe | 250 | [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])]) |
1a5ffec6 FC |
251 | ]) |
252 | ||
253 | dnl checks that krb5 is functional. Sets squid_cv_working_krb5 | |
254 | AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[ | |
255 | AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [ | |
256 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ | |
75f3c557 MM |
257 | #if USE_APPLE_KRB5 |
258 | #define KERBEROS_APPLE_DEPRECATED(x) | |
259 | #endif | |
1a22a39e | 260 | #if HAVE_KRB5_H |
1a5ffec6 FC |
261 | #if HAVE_BROKEN_SOLARIS_KRB5_H |
262 | #if defined(__cplusplus) | |
263 | #define KRB5INT_BEGIN_DECLS extern "C" { | |
264 | #define KRB5INT_END_DECLS | |
265 | KRB5INT_BEGIN_DECLS | |
266 | #endif | |
267 | #endif | |
ffe4ffd8 AJ |
268 | #if HAVE_BROKEN_HEIMDAL_KRB5_H |
269 | extern "C" { | |
1a5ffec6 | 270 | #include <krb5.h> |
ffe4ffd8 AJ |
271 | } |
272 | #else | |
273 | #include <krb5.h> | |
274 | #endif | |
1a5ffec6 FC |
275 | #endif |
276 | ||
277 | int | |
278 | main(void) | |
279 | { | |
280 | krb5_context context; | |
281 | ||
282 | krb5_init_context(&context); | |
283 | ||
284 | return 0; | |
285 | } | |
aff0e8fe | 286 | ]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ],[:])]) |
1a22a39e MM |
287 | if test "x$squid_cv_working_krb5" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0; then |
288 | AC_MSG_NOTICE([Check Runtime library path !]) | |
289 | fi | |
290 | ]) | |
291 | ||
292 | ||
293 | dnl checks for existence of krb5 functions | |
294 | AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[ | |
295 | ||
b2bdde72 MM |
296 | ac_com_error_message=no |
297 | if test "x$ac_cv_header_com_err_h" = "xyes" ; then | |
298 | AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes) | |
299 | elif test "x$ac_cv_header_et_com_err_h" = "xyes" ; then | |
300 | AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes) | |
301 | fi | |
302 | ||
303 | if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes" ; then | |
304 | AC_CHECK_LIB(com_err,error_message, | |
305 | AC_DEFINE(HAVE_ERROR_MESSAGE,1, | |
306 | [Define to 1 if you have error_message]),) | |
307 | elif test "x$ac_com_error_message" = "xyes" ; then | |
308 | AC_CHECK_LIB(krb5,error_message, | |
309 | AC_DEFINE(HAVE_ERROR_MESSAGE,1, | |
310 | [Define to 1 if you have error_message]),) | |
311 | fi | |
312 | ||
1a22a39e MM |
313 | AC_CHECK_LIB(krb5,krb5_get_err_text, |
314 | AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1, | |
315 | [Define to 1 if you have krb5_get_err_text]),) | |
316 | AC_CHECK_LIB(krb5,krb5_get_error_message, | |
317 | AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1, | |
318 | [Define to 1 if you have krb5_get_error_message]),) | |
b2bdde72 MM |
319 | AC_CHECK_LIB(krb5,krb5_free_error_message, |
320 | AC_DEFINE(HAVE_KRB5_FREE_ERROR_MESSAGE,1, | |
321 | [Define to 1 if you have krb5_free_error_message]),) | |
322 | AC_CHECK_LIB(krb5,krb5_free_error_string, | |
323 | AC_DEFINE(HAVE_KRB5_FREE_ERROR_STRING,1, | |
324 | [Define to 1 if you have krb5_free_error_string]),) | |
1a22a39e MM |
325 | AC_CHECK_DECLS(krb5_kt_free_entry,,,[#include <krb5.h>]) |
326 | AC_CHECK_TYPE(krb5_pac, | |
327 | AC_DEFINE(HAVE_KRB5_PAC,1, | |
328 | [Define to 1 if you have krb5_pac]),, | |
329 | [#include <krb5.h>]) | |
330 | AC_CHECK_LIB(krb5,krb5_kt_free_entry, | |
331 | AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1, | |
332 | [Define to 1 if you have krb5_kt_free_entry]),) | |
333 | AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab, | |
334 | AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1, | |
335 | [Define to 1 if you have krb5_get_init_creds_keytab]),) | |
336 | AC_CHECK_LIB(krb5,krb5_get_max_time_skew, | |
337 | AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1, | |
338 | [Define to 1 if you have krb5_get_max_time_skew]),) | |
339 | AC_CHECK_LIB(krb5,krb5_get_profile, | |
340 | AC_DEFINE(HAVE_KRB5_GET_PROFILE,1, | |
341 | [Define to 1 if you have krb5_get_profile]),) | |
342 | AC_CHECK_LIB(krb5,profile_get_integer, | |
343 | AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1, | |
344 | [Define to 1 if you have profile_get_integer]),) | |
345 | AC_CHECK_LIB(krb5,profile_release, | |
346 | AC_DEFINE(HAVE_PROFILE_RELEASE,1, | |
347 | [Define to 1 if you have profile_release]),) | |
348 | AC_CHECK_LIB(krb5,krb5_get_renewed_creds, | |
349 | AC_DEFINE(HAVE_KRB5_GET_RENEWED_CREDS,1, | |
350 | [Define to 1 if you have krb5_get_renewed_creds]),) | |
351 | AC_CHECK_LIB(krb5,krb5_principal_get_realm, | |
352 | AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1, | |
353 | [Define to 1 if you have krb5_principal_get_realm]),) | |
354 | AC_CHECK_LIB(krb5, krb5_get_init_creds_opt_alloc, | |
355 | AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC,1, | |
356 | [Define to 1 if you have krb5_get_init_creds_opt_alloc]),) | |
357 | AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context]) | |
358 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | |
75f3c557 MM |
359 | #if USE_APPLE_KRB5 |
360 | #define KERBEROS_APPLE_DEPRECATED(x) | |
361 | #endif | |
1a22a39e MM |
362 | #include <krb5.h> |
363 | ]],[[krb5_context context; | |
364 | krb5_get_init_creds_opt *options; | |
365 | krb5_get_init_creds_opt_free(context, options)]])],[ | |
366 | AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_FREE_CONTEXT,1, | |
367 | [Define to 1 if you krb5_get_init_creds_free requires krb5_context]) | |
368 | AC_MSG_RESULT(yes) | |
369 | ],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)]) | |
370 | ||
1a22a39e MM |
371 | AC_CHECK_FUNCS(gss_map_name_to_any, |
372 | AC_DEFINE(HAVE_GSS_MAP_ANY_TO_ANY,1, | |
373 | [Define to 1 if you have gss_map_name_to_any]),) | |
374 | AC_CHECK_FUNCS(gsskrb5_extract_authz_data_from_sec_context, | |
375 | AC_DEFINE(HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT,1, | |
376 | [Define to 1 if you have gsskrb5_extract_authz_data_from_sec_context]),) | |
377 | ||
378 | SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE | |
379 | SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_CACHE,$squid_cv_memory_cache, | |
380 | [Define if kerberos has MEMORY: cache support]) | |
381 | ||
685277d8 MM |
382 | SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB |
383 | SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_KEYTAB,$squid_cv_memory_keytab, | |
384 | [Define if kerberos has MEMORY: keytab support]) | |
385 | ||
1a22a39e MM |
386 | SQUID_CHECK_WORKING_GSSAPI |
387 | SQUID_DEFINE_BOOL(HAVE_GSSAPI,$squid_cv_working_gssapi,[GSSAPI support]) | |
388 | ||
389 | SQUID_CHECK_SPNEGO_SUPPORT | |
390 | SQUID_DEFINE_BOOL(HAVE_SPNEGO,$squid_cv_have_spnego,[SPNEGO support]) | |
391 | ||
392 | SQUID_CHECK_WORKING_KRB5 | |
393 | SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support]) | |
c8093f05 | 394 | ]) |
1a22a39e | 395 |