[thirdparty/squid.git] / acinclude / krb5.m4

## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

dnl these checks must be performed in the same order as here defined,
dnl and have mostly been lifted out of an inlined configure.ac.

dnl checks for a broken solaris header file, and sets squid_cv_broken_krb5_h
dnl to yes if that's the case
AC_DEFUN([SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H], [
  AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <krb5.h>
int i;
]])], [ squid_cv_broken_krb5_h=no ], [ 
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS     extern "C" {
#define KRB5INT_END_DECLS
KRB5INT_BEGIN_DECLS
#endif
#include <krb5.h>
int i;
]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ])
    ])
  ])
]) dnl SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H


AC_DEFUN([SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H], [
  AC_CACHE_CHECK([for broken Heimdal krb5.h],squid_cv_broken_heimdal_krb5_h, [
    AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <krb5.h>
int
main(void)
{
        krb5_context context;

        krb5_init_context(&context);

        return 0;
}
]])], [ squid_cv_broken_heimdal_krb5_h=no ], [
    AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if defined(__cplusplus)
extern "C" {
#endif
#include <krb5.h>
#if defined(__cplusplus)
}
#endif
int
main(void)
{
        krb5_context context;

        krb5_init_context(&context);

        return 0;
}
]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ])
    ])
  ])
]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H

dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context
AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[
  AC_CACHE_CHECK([for max_skew in struct krb5_context],
                  squid_cv_max_skew_context, [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#if HAVE_BROKEN_SOLARIS_KRB5_H
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS     extern "C" {
#define KRB5INT_END_DECLS
KRB5INT_BEGIN_DECLS
#endif
#endif
#if USE_APPLE_KRB5
#define KERBEROS_APPLE_DEPRECATED(x)
#endif
#include <krb5.h>
krb5_context kc; kc->max_skew = 1;
      ]])
    ],[ squid_cv_max_skew_context=yes ],
    [ squid_cv_max_skew_context=no ])
  ])
])

dnl check whether the kerberos context has a memory cache. Sets
dnl squid_cv_memory_cache if that's the case.
AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[
  AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [
    AC_RUN_IFELSE([
      AC_LANG_SOURCE([[
#if HAVE_BROKEN_SOLARIS_KRB5_H
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS     extern "C" {
#define KRB5INT_END_DECLS
KRB5INT_BEGIN_DECLS
#endif
#endif
#if USE_APPLE_KRB5
#define KERBEROS_APPLE_DEPRECATED(x)
#endif
#include <krb5.h>
int main(int argc, char *argv[])
{
    krb5_context context;
    krb5_ccache cc;

    krb5_init_context(&context);
    return krb5_cc_resolve(context, "MEMORY:test_cache", &cc);
}
      ]])
    ], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ], [:])
  ])
])

dnl check whether the kerberos context has a memory keytab. Sets
dnl squid_cv_memory_keytab if that's the case.
AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB],[
  AC_CACHE_CHECK([for memory keytab], squid_cv_memory_keytab, [
    AC_RUN_IFELSE([
      AC_LANG_SOURCE([[
#if HAVE_BROKEN_SOLARIS_KRB5_H
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS     extern "C" {
#define KRB5INT_END_DECLS
KRB5INT_BEGIN_DECLS
#endif
#endif
#if USE_APPLE_KRB5
#define KERBEROS_APPLE_DEPRECATED(x)
#endif
#include <krb5.h>
int main(int argc, char *argv[])
{
    krb5_context context;
    krb5_keytab kt;

    krb5_init_context(&context);
    return krb5_kt_resolve(context, "MEMORY:test_keytab", &kt);
}
      ]])
    ], [ squid_cv_memory_keytab=yes ], [ squid_cv_memory_keytab=no ], [:])
  ])
])


dnl checks that gssapi is ok, and sets squid_cv_working_gssapi accordingly
AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [
  AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [
    AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if USE_HEIMDAL_KRB5
#if HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#elif HAVE_GSSAPI_H
#include <gssapi.h>
#endif
#elif USE_GNUGSS
#if HAVE_GSS_H
#include <gss.h>
#endif
#else
#if USE_APPLE_KRB5
#define GSSKRB_APPLE_DEPRECATED(x)
#endif
#if HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#elif HAVE_GSSAPI_H
#include <gssapi.h>
#endif
#if HAVE_GSSAPI_GSSAPI_KRB5_H
#include <gssapi/gssapi_krb5.h>
#endif
#if HAVE_GSSAPI_GSSAPI_GENERIC_H
#include <gssapi/gssapi_generic.h>
#endif
#endif
int
main(void)
{
        OM_uint32 val;
        gss_OID_set set;

        gss_create_empty_oid_set(&val, &set);

        return 0;
}
  ]])],  [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ], [:])])
if test "x$squid_cv_working_gssapi" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0; then
  AC_MSG_NOTICE([Check Runtime library path !])
fi
])

dnl check for a working spnego, and set squid_cv_have_spnego
AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [
  AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [
    AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if USE_HEIMDAL_KRB5
#if HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#elif HAVE_GSSAPI_H
#include <gssapi.h>
#endif
#elif USE_GNUGSS
#if HAVE_GSS_H
#include <gss.h>
#endif
#else
#if USE_APPLE_KRB5
#define GSSKRB_APPLE_DEPRECATED(x)
#endif
#if HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#elif HAVE_GSSAPI_H
#include <gssapi.h>
#endif
#if HAVE_GSSAPI_GSSAPI_KRB5_H
#include <gssapi/gssapi_krb5.h>
#endif
#if HAVE_GSSAPI_GSSAPI_GENERIC_H
#include <gssapi/gssapi_generic.h>
#endif
#endif
#include <string.h>
int main(int argc, char *argv[]) {
 OM_uint32 major_status,minor_status;
 gss_OID_set gss_mech_set;
 int i;

static gss_OID_desc _gss_mech_spnego  = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
gss_OID gss_mech_spnego = &_gss_mech_spnego;

 major_status = gss_indicate_mechs( &minor_status, &gss_mech_set);

 for (i=0;i<gss_mech_set->count;i++) {
     if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) {
        return 0;
     }
 }

 return 1;
}
  ]])],  
  [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])])
])

dnl checks that krb5 is functional. Sets squid_cv_working_krb5
AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[
  AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [
    AC_RUN_IFELSE([AC_LANG_SOURCE([[
#if USE_APPLE_KRB5
#define KERBEROS_APPLE_DEPRECATED(x)
#endif
#if HAVE_KRB5_H
#if HAVE_BROKEN_SOLARIS_KRB5_H
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS     extern "C" {
#define KRB5INT_END_DECLS
KRB5INT_BEGIN_DECLS
#endif
#endif
#if HAVE_BROKEN_HEIMDAL_KRB5_H
extern "C" {
#include <krb5.h>
}
#else
#include <krb5.h>
#endif
#endif

int
main(void)
{
        krb5_context context;

        krb5_init_context(&context);

        return 0;
}
  ]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ],[:])])
if test "x$squid_cv_working_krb5" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0; then
  AC_MSG_NOTICE([Check Runtime library path !])
fi
])


dnl checks for existence of krb5 functions
AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[

  ac_com_error_message=no
  if test "x$ac_cv_header_com_err_h" = "xyes" ; then
    AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes)
  elif test "x$ac_cv_header_et_com_err_h" = "xyes" ; then
    AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes)
  fi

  if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes" ; then
    AC_CHECK_LIB(com_err,error_message,
      AC_DEFINE(HAVE_ERROR_MESSAGE,1,
        [Define to 1 if you have error_message]),)
  elif test  "x$ac_com_error_message" = "xyes" ; then
    AC_CHECK_LIB(krb5,error_message,
      AC_DEFINE(HAVE_ERROR_MESSAGE,1,
        [Define to 1 if you have error_message]),)
  fi

  AC_CHECK_LIB(krb5,krb5_get_err_text,
    AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,
      [Define to 1 if you have krb5_get_err_text]),)
  AC_CHECK_LIB(krb5,krb5_get_error_message,
    AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1,
      [Define to 1 if you have krb5_get_error_message]),)
  AC_CHECK_LIB(krb5,krb5_free_error_message,
    AC_DEFINE(HAVE_KRB5_FREE_ERROR_MESSAGE,1,
      [Define to 1 if you have krb5_free_error_message]),)
  AC_CHECK_LIB(krb5,krb5_free_error_string,
    AC_DEFINE(HAVE_KRB5_FREE_ERROR_STRING,1,
      [Define to 1 if you have krb5_free_error_string]),)
  AC_CHECK_DECLS(krb5_kt_free_entry,,,[#include <krb5.h>])
  AC_CHECK_TYPE(krb5_pac,
    AC_DEFINE(HAVE_KRB5_PAC,1,
      [Define to 1 if you have krb5_pac]),,
      [#include <krb5.h>])
  AC_CHECK_LIB(krb5,krb5_kt_free_entry,
    AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1,
      [Define to 1 if you have krb5_kt_free_entry]),)
  AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab,
    AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1,
      [Define to 1 if you have krb5_get_init_creds_keytab]),)
  AC_CHECK_LIB(krb5,krb5_get_max_time_skew,
    AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1,
      [Define to 1 if you have krb5_get_max_time_skew]),)
  AC_CHECK_LIB(krb5,krb5_get_profile,
    AC_DEFINE(HAVE_KRB5_GET_PROFILE,1,
      [Define to 1 if you have krb5_get_profile]),)
  AC_CHECK_LIB(krb5,profile_get_integer,
    AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1,
      [Define to 1 if you have profile_get_integer]),)
  AC_CHECK_LIB(krb5,profile_release,
    AC_DEFINE(HAVE_PROFILE_RELEASE,1,
      [Define to 1 if you have profile_release]),)
  AC_CHECK_LIB(krb5,krb5_get_renewed_creds,
    AC_DEFINE(HAVE_KRB5_GET_RENEWED_CREDS,1,
      [Define to 1 if you have krb5_get_renewed_creds]),)
  AC_CHECK_LIB(krb5,krb5_principal_get_realm,
    AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
      [Define to 1 if you have krb5_principal_get_realm]),)
  AC_CHECK_LIB(krb5, krb5_get_init_creds_opt_alloc,
    AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC,1,
      [Define to 1 if you have krb5_get_init_creds_opt_alloc]),)
  AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context])
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
        #if USE_APPLE_KRB5
        #define KERBEROS_APPLE_DEPRECATED(x)
        #endif
	#include <krb5.h>
    ]],[[krb5_context context;
	 krb5_get_init_creds_opt *options;
	 krb5_get_init_creds_opt_free(context, options)]])],[
	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_FREE_CONTEXT,1,
		  [Define to 1 if you krb5_get_init_creds_free requires krb5_context])
	AC_MSG_RESULT(yes)
    ],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])

  AC_CHECK_FUNCS(gss_map_name_to_any,
    AC_DEFINE(HAVE_GSS_MAP_ANY_TO_ANY,1,
      [Define to 1 if you have gss_map_name_to_any]),)
  AC_CHECK_FUNCS(gsskrb5_extract_authz_data_from_sec_context,
    AC_DEFINE(HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT,1,
      [Define to 1 if you have gsskrb5_extract_authz_data_from_sec_context]),)

  SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE
  SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_CACHE,$squid_cv_memory_cache,
       [Define if kerberos has MEMORY: cache support])

  SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB
  SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_KEYTAB,$squid_cv_memory_keytab,
       [Define if kerberos has MEMORY: keytab support])

  SQUID_CHECK_WORKING_GSSAPI
  SQUID_DEFINE_BOOL(HAVE_GSSAPI,$squid_cv_working_gssapi,[GSSAPI support])

  SQUID_CHECK_SPNEGO_SUPPORT
  SQUID_DEFINE_BOOL(HAVE_SPNEGO,$squid_cv_have_spnego,[SPNEGO support])

  SQUID_CHECK_WORKING_KRB5
  SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support])
])
Commit	Line	Data
77b1029d	1	## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
5d2e6f19 AJ	2	##
	3	## Squid software is distributed under GPLv2+ license and includes
	4	## contributions from numerous individuals and organizations.
	5	## Please see the COPYING and CONTRIBUTORS files for details.
	6	##
c8093f05 FC	7
c8093f05 FC	8	dnl these checks must be performed in the same order as here defined,
a6093a2d	9	dnl and have mostly been lifted out of an inlined configure.ac.
c8093f05 FC	10
	11	dnl checks for a broken solaris header file, and sets squid_cv_broken_krb5_h
	12	dnl to yes if that's the case
	13	AC_DEFUN([SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H], [
	14	AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [
	15	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
	16	#include <krb5.h>
	17	int i;
	18	]])], [ squid_cv_broken_krb5_h=no ], [
	19	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
	20	#if defined(__cplusplus)
	21	#define KRB5INT_BEGIN_DECLS extern "C" {
	22	#define KRB5INT_END_DECLS
	23	KRB5INT_BEGIN_DECLS
	24	#endif
	25	#include <krb5.h>
	26	int i;
	27	]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ])
	28	])
	29	])
f2d9a578	30	]) dnl SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H
c8093f05 FC	31
c8093f05 FC	32
ffe4ffd8 AJ	33	AC_DEFUN([SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H], [
	34	AC_CACHE_CHECK([for broken Heimdal krb5.h],squid_cv_broken_heimdal_krb5_h, [
	35	AC_RUN_IFELSE([AC_LANG_SOURCE([[
	36	#include <krb5.h>
	37	int
	38	main(void)
	39	{
	40	krb5_context context;
	41
	42	krb5_init_context(&context);
	43
	44	return 0;
	45	}
	46	]])], [ squid_cv_broken_heimdal_krb5_h=no ], [
	47	AC_RUN_IFELSE([AC_LANG_SOURCE([[
	48	#if defined(__cplusplus)
	49	extern "C" {
	50	#endif
	51	#include <krb5.h>
	52	#if defined(__cplusplus)
	53	}
	54	#endif
	55	int
	56	main(void)
	57	{
	58	krb5_context context;
	59
	60	krb5_init_context(&context);
	61
	62	return 0;
	63	}
	64	]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ])
	65	])
	66	])
	67	]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
	68
c8093f05 FC	69	dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context
	70	AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[
	71	AC_CACHE_CHECK([for max_skew in struct krb5_context],
	72	squid_cv_max_skew_context, [
	73	AC_COMPILE_IFELSE([
	74	AC_LANG_PROGRAM([[
	75	#if HAVE_BROKEN_SOLARIS_KRB5_H
	76	#if defined(__cplusplus)
	77	#define KRB5INT_BEGIN_DECLS extern "C" {
	78	#define KRB5INT_END_DECLS
	79	KRB5INT_BEGIN_DECLS
	80	#endif
	81	#endif
75f3c557 MM	82	#if USE_APPLE_KRB5
	83	#define KERBEROS_APPLE_DEPRECATED(x)
	84	#endif
c8093f05 FC	85	#include <krb5.h>
	86	krb5_context kc; kc->max_skew = 1;
	87	]])
	88	],[ squid_cv_max_skew_context=yes ],
	89	[ squid_cv_max_skew_context=no ])
	90	])
	91	])
	92
	93	dnl check whether the kerberos context has a memory cache. Sets
	94	dnl squid_cv_memory_cache if that's the case.
	95	AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[
	96	AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [
	97	AC_RUN_IFELSE([
	98	AC_LANG_SOURCE([[
	99	#if HAVE_BROKEN_SOLARIS_KRB5_H
	100	#if defined(__cplusplus)
	101	#define KRB5INT_BEGIN_DECLS extern "C" {
	102	#define KRB5INT_END_DECLS
	103	KRB5INT_BEGIN_DECLS
	104	#endif
	105	#endif
75f3c557 MM	106	#if USE_APPLE_KRB5
	107	#define KERBEROS_APPLE_DEPRECATED(x)
	108	#endif
c8093f05	109	#include <krb5.h>
d8b258a9	110	int main(int argc, char *argv[])
c8093f05 FC	111	{
	112	krb5_context context;
	113	krb5_ccache cc;
	114
	115	krb5_init_context(&context);
	116	return krb5_cc_resolve(context, "MEMORY:test_cache", &cc);
	117	}
	118	]])
aff0e8fe	119	], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ], [:])
c8093f05 FC	120	])
	121	])
	122
685277d8 MM	123	dnl check whether the kerberos context has a memory keytab. Sets
	124	dnl squid_cv_memory_keytab if that's the case.
	125	AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB],[
	126	AC_CACHE_CHECK([for memory keytab], squid_cv_memory_keytab, [
	127	AC_RUN_IFELSE([
	128	AC_LANG_SOURCE([[
	129	#if HAVE_BROKEN_SOLARIS_KRB5_H
	130	#if defined(__cplusplus)
	131	#define KRB5INT_BEGIN_DECLS extern "C" {
	132	#define KRB5INT_END_DECLS
	133	KRB5INT_BEGIN_DECLS
	134	#endif
	135	#endif
75f3c557 MM	136	#if USE_APPLE_KRB5
	137	#define KERBEROS_APPLE_DEPRECATED(x)
	138	#endif
685277d8 MM	139	#include <krb5.h>
	140	int main(int argc, char *argv[])
	141	{
	142	krb5_context context;
	143	krb5_keytab kt;
	144
	145	krb5_init_context(&context);
	146	return krb5_kt_resolve(context, "MEMORY:test_keytab", &kt);
	147	}
	148	]])
	149	], [ squid_cv_memory_keytab=yes ], [ squid_cv_memory_keytab=no ], [:])
	150	])
	151	])
	152
c8093f05 FC	153
	154	dnl checks that gssapi is ok, and sets squid_cv_working_gssapi accordingly
	155	AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [
1a5ffec6 FC	156	AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [
1a5ffec6 FC	157	AC_RUN_IFELSE([AC_LANG_SOURCE([[
1a22a39e MM	158	#if USE_HEIMDAL_KRB5
1a22a39e MM	159	#if HAVE_GSSAPI_GSSAPI_H
c8093f05	160	#include <gssapi/gssapi.h>
1a22a39e	161	#elif HAVE_GSSAPI_H
c8093f05 FC	162	#include <gssapi.h>
c8093f05 FC	163	#endif
1a22a39e MM	164	#elif USE_GNUGSS
	165	#if HAVE_GSS_H
	166	#include <gss.h>
	167	#endif
b1218840	168	#else
75f3c557 MM	169	#if USE_APPLE_KRB5
	170	#define GSSKRB_APPLE_DEPRECATED(x)
	171	#endif
1a22a39e	172	#if HAVE_GSSAPI_GSSAPI_H
b1218840	173	#include <gssapi/gssapi.h>
1a22a39e	174	#elif HAVE_GSSAPI_H
b1218840	175	#include <gssapi.h>
c8093f05	176	#endif
1a22a39e	177	#if HAVE_GSSAPI_GSSAPI_KRB5_H
c8093f05 FC	178	#include <gssapi/gssapi_krb5.h>
c8093f05 FC	179	#endif
1a22a39e	180	#if HAVE_GSSAPI_GSSAPI_GENERIC_H
c8093f05 FC	181	#include <gssapi/gssapi_generic.h>
c8093f05 FC	182	#endif
b1218840	183	#endif
c8093f05 FC	184	int
	185	main(void)
	186	{
	187	OM_uint32 val;
	188	gss_OID_set set;
	189
	190	gss_create_empty_oid_set(&val, &set);
	191
	192	return 0;
	193	}
aff0e8fe	194	]])], [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ], [:])])
1a22a39e MM	195	if test "x$squid_cv_working_gssapi" = "xno" -a `echo $LIBS \| grep -i -c "\-L"` -gt 0; then
	196	AC_MSG_NOTICE([Check Runtime library path !])
	197	fi
c8093f05 FC	198	])
c8093f05 FC	199
c8093f05 FC	200	dnl check for a working spnego, and set squid_cv_have_spnego
c8093f05 FC	201	AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [
1a5ffec6 FC	202	AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [
1a5ffec6 FC	203	AC_RUN_IFELSE([AC_LANG_SOURCE([[
1a22a39e MM	204	#if USE_HEIMDAL_KRB5
1a22a39e MM	205	#if HAVE_GSSAPI_GSSAPI_H
c8093f05	206	#include <gssapi/gssapi.h>
1a22a39e	207	#elif HAVE_GSSAPI_H
c8093f05 FC	208	#include <gssapi.h>
c8093f05 FC	209	#endif
1a22a39e MM	210	#elif USE_GNUGSS
	211	#if HAVE_GSS_H
	212	#include <gss.h>
	213	#endif
c8093f05	214	#else
75f3c557 MM	215	#if USE_APPLE_KRB5
	216	#define GSSKRB_APPLE_DEPRECATED(x)
	217	#endif
1a22a39e	218	#if HAVE_GSSAPI_GSSAPI_H
c8093f05	219	#include <gssapi/gssapi.h>
1a22a39e	220	#elif HAVE_GSSAPI_H
c8093f05 FC	221	#include <gssapi.h>
c8093f05 FC	222	#endif
1a22a39e	223	#if HAVE_GSSAPI_GSSAPI_KRB5_H
c8093f05 FC	224	#include <gssapi/gssapi_krb5.h>
c8093f05 FC	225	#endif
1a22a39e	226	#if HAVE_GSSAPI_GSSAPI_GENERIC_H
c8093f05 FC	227	#include <gssapi/gssapi_generic.h>
	228	#endif
	229	#endif
	230	#include <string.h>
	231	int main(int argc, char *argv[]) {
	232	OM_uint32 major_status,minor_status;
	233	gss_OID_set gss_mech_set;
	234	int i;
	235
	236	static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
	237	gss_OID gss_mech_spnego = &_gss_mech_spnego;
	238
	239	major_status = gss_indicate_mechs( &minor_status, &gss_mech_set);
	240
	241	for (i=0;i<gss_mech_set->count;i++) {
	242	if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) {
	243	return 0;
	244	}
	245	}
	246
	247	return 1;
	248	}
1a5ffec6	249	]])],
aff0e8fe	250	[ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])])
1a5ffec6 FC	251	])
	252
	253	dnl checks that krb5 is functional. Sets squid_cv_working_krb5
	254	AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[
	255	AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [
	256	AC_RUN_IFELSE([AC_LANG_SOURCE([[
75f3c557 MM	257	#if USE_APPLE_KRB5
	258	#define KERBEROS_APPLE_DEPRECATED(x)
	259	#endif
1a22a39e	260	#if HAVE_KRB5_H
1a5ffec6 FC	261	#if HAVE_BROKEN_SOLARIS_KRB5_H
	262	#if defined(__cplusplus)
	263	#define KRB5INT_BEGIN_DECLS extern "C" {
	264	#define KRB5INT_END_DECLS
	265	KRB5INT_BEGIN_DECLS
	266	#endif
	267	#endif
ffe4ffd8 AJ	268	#if HAVE_BROKEN_HEIMDAL_KRB5_H
ffe4ffd8 AJ	269	extern "C" {
1a5ffec6	270	#include <krb5.h>
ffe4ffd8 AJ	271	}
	272	#else
	273	#include <krb5.h>
	274	#endif
1a5ffec6 FC	275	#endif
	276
	277	int
	278	main(void)
	279	{
	280	krb5_context context;
	281
	282	krb5_init_context(&context);
	283
	284	return 0;
	285	}
aff0e8fe	286	]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ],[:])])
1a22a39e MM	287	if test "x$squid_cv_working_krb5" = "xno" -a `echo $LIBS \| grep -i -c "\-L"` -gt 0; then
	288	AC_MSG_NOTICE([Check Runtime library path !])
	289	fi
	290	])
	291
	292
	293	dnl checks for existence of krb5 functions
	294	AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[
	295
b2bdde72 MM	296	ac_com_error_message=no
	297	if test "x$ac_cv_header_com_err_h" = "xyes" ; then
	298	AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes)
	299	elif test "x$ac_cv_header_et_com_err_h" = "xyes" ; then
	300	AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes)
	301	fi
	302
	303	if test `echo $KRB5LIBS \| grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes" ; then
	304	AC_CHECK_LIB(com_err,error_message,
	305	AC_DEFINE(HAVE_ERROR_MESSAGE,1,
	306	[Define to 1 if you have error_message]),)
	307	elif test "x$ac_com_error_message" = "xyes" ; then
	308	AC_CHECK_LIB(krb5,error_message,
	309	AC_DEFINE(HAVE_ERROR_MESSAGE,1,
	310	[Define to 1 if you have error_message]),)
	311	fi
	312
1a22a39e MM	313	AC_CHECK_LIB(krb5,krb5_get_err_text,
	314	AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,
	315	[Define to 1 if you have krb5_get_err_text]),)
	316	AC_CHECK_LIB(krb5,krb5_get_error_message,
	317	AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1,
	318	[Define to 1 if you have krb5_get_error_message]),)
b2bdde72 MM	319	AC_CHECK_LIB(krb5,krb5_free_error_message,
	320	AC_DEFINE(HAVE_KRB5_FREE_ERROR_MESSAGE,1,
	321	[Define to 1 if you have krb5_free_error_message]),)
	322	AC_CHECK_LIB(krb5,krb5_free_error_string,
	323	AC_DEFINE(HAVE_KRB5_FREE_ERROR_STRING,1,
	324	[Define to 1 if you have krb5_free_error_string]),)
1a22a39e MM	325	AC_CHECK_DECLS(krb5_kt_free_entry,,,[#include <krb5.h>])
	326	AC_CHECK_TYPE(krb5_pac,
	327	AC_DEFINE(HAVE_KRB5_PAC,1,
	328	[Define to 1 if you have krb5_pac]),,
	329	[#include <krb5.h>])
	330	AC_CHECK_LIB(krb5,krb5_kt_free_entry,
	331	AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1,
	332	[Define to 1 if you have krb5_kt_free_entry]),)
	333	AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab,
	334	AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1,
	335	[Define to 1 if you have krb5_get_init_creds_keytab]),)
	336	AC_CHECK_LIB(krb5,krb5_get_max_time_skew,
	337	AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1,
	338	[Define to 1 if you have krb5_get_max_time_skew]),)
	339	AC_CHECK_LIB(krb5,krb5_get_profile,
	340	AC_DEFINE(HAVE_KRB5_GET_PROFILE,1,
	341	[Define to 1 if you have krb5_get_profile]),)
	342	AC_CHECK_LIB(krb5,profile_get_integer,
	343	AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1,
	344	[Define to 1 if you have profile_get_integer]),)
	345	AC_CHECK_LIB(krb5,profile_release,
	346	AC_DEFINE(HAVE_PROFILE_RELEASE,1,
	347	[Define to 1 if you have profile_release]),)
	348	AC_CHECK_LIB(krb5,krb5_get_renewed_creds,
	349	AC_DEFINE(HAVE_KRB5_GET_RENEWED_CREDS,1,
	350	[Define to 1 if you have krb5_get_renewed_creds]),)
	351	AC_CHECK_LIB(krb5,krb5_principal_get_realm,
	352	AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
	353	[Define to 1 if you have krb5_principal_get_realm]),)
	354	AC_CHECK_LIB(krb5, krb5_get_init_creds_opt_alloc,
	355	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC,1,
	356	[Define to 1 if you have krb5_get_init_creds_opt_alloc]),)
	357	AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context])
	358	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
75f3c557 MM	359	#if USE_APPLE_KRB5
	360	#define KERBEROS_APPLE_DEPRECATED(x)
	361	#endif
1a22a39e MM	362	#include <krb5.h>
	363	]],[[krb5_context context;
	364	krb5_get_init_creds_opt *options;
	365	krb5_get_init_creds_opt_free(context, options)]])],[
	366	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_FREE_CONTEXT,1,
	367	[Define to 1 if you krb5_get_init_creds_free requires krb5_context])
	368	AC_MSG_RESULT(yes)
	369	],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])
	370
1a22a39e MM	371	AC_CHECK_FUNCS(gss_map_name_to_any,
	372	AC_DEFINE(HAVE_GSS_MAP_ANY_TO_ANY,1,
	373	[Define to 1 if you have gss_map_name_to_any]),)
	374	AC_CHECK_FUNCS(gsskrb5_extract_authz_data_from_sec_context,
	375	AC_DEFINE(HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT,1,
	376	[Define to 1 if you have gsskrb5_extract_authz_data_from_sec_context]),)
	377
	378	SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE
	379	SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_CACHE,$squid_cv_memory_cache,
	380	[Define if kerberos has MEMORY: cache support])
	381
685277d8 MM	382	SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB
	383	SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_KEYTAB,$squid_cv_memory_keytab,
	384	[Define if kerberos has MEMORY: keytab support])
	385
1a22a39e MM	386	SQUID_CHECK_WORKING_GSSAPI
	387	SQUID_DEFINE_BOOL(HAVE_GSSAPI,$squid_cv_working_gssapi,[GSSAPI support])
	388
	389	SQUID_CHECK_SPNEGO_SUPPORT
	390	SQUID_DEFINE_BOOL(HAVE_SPNEGO,$squid_cv_have_spnego,[SPNEGO support])
	391
	392	SQUID_CHECK_WORKING_KRB5
	393	SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support])
c8093f05	394	])
1a22a39e	395