acinclude/krb5.m4

   1 dnl
   2 dnl AUTHOR: Squid Web Cache team
   3 dnl
   4 dnl SQUID Web Proxy Cache          http://www.squid-cache.org/
   5 dnl ----------------------------------------------------------
   6 dnl Squid is the result of efforts by numerous individuals from
   7 dnl the Internet community; see the CONTRIBUTORS file for full
   8 dnl details.   Many organizations have provided support for Squid's
   9 dnl development; see the SPONSORS file for full details.  Squid is
  10 dnl Copyrighted (C) 2001 by the Regents of the University of
  11 dnl California; see the COPYRIGHT file for full details.  Squid
  12 dnl incorporates software developed and/or copyrighted by other
  13 dnl sources; see the CREDITS file for full details.
  14 dnl
  15 dnl This program is free software; you can redistribute it and/or modify
  16 dnl it under the terms of the GNU General Public License as published by
  17 dnl the Free Software Foundation; either version 2 of the License, or
  18 dnl (at your option) any later version.
  19 dnl
  20 dnl This program is distributed in the hope that it will be useful,
  21 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
  22 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23 dnl GNU General Public License for more details.
  24 dnl
  25 dnl You should have received a copy of the GNU General Public License
  26 dnl along with this program; if not, write to the Free Software
  27 dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  28
  29 dnl these checks must be performed in the same order as here defined,
  30 dnl and have mostly been lifted out of an inlined configure.ac.
  31
  32 dnl checks for a broken solaris header file, and sets squid_cv_broken_krb5_h
  33 dnl to yes if that's the case
  34 AC_DEFUN([SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H], [
  35   AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [
  36     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  37 #include <krb5.h>
  38 int i;
  39 ]])], [ squid_cv_broken_krb5_h=no ], [
  40     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  41 #if defined(__cplusplus)
  42 #define KRB5INT_BEGIN_DECLS     extern "C" {
  43 #define KRB5INT_END_DECLS
  44 KRB5INT_BEGIN_DECLS
  45 #endif
  46 #include <krb5.h>
  47 int i;
  48 ]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ])
  49     ])
  50   ])
  51 ]) dnl SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H
  52
  53
  54 AC_DEFUN([SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H], [
  55   AC_CACHE_CHECK([for broken Heimdal krb5.h],squid_cv_broken_heimdal_krb5_h, [
  56     AC_RUN_IFELSE([AC_LANG_SOURCE([[
  57 #include <krb5.h>
  58 int
  59 main(void)
  60 {
  61         krb5_context context;
  62
  63         krb5_init_context(&context);
  64
  65         return 0;
  66 }
  67 ]])], [ squid_cv_broken_heimdal_krb5_h=no ], [
  68     AC_RUN_IFELSE([AC_LANG_SOURCE([[
  69 #if defined(__cplusplus)
  70 extern "C" {
  71 #endif
  72 #include <krb5.h>
  73 #if defined(__cplusplus)
  74 }
  75 #endif
  76 int
  77 main(void)
  78 {
  79         krb5_context context;
  80
  81         krb5_init_context(&context);
  82
  83         return 0;
  84 }
  85 ]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ])
  86     ])
  87   ])
  88 ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
  89
  90 dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context
  91 AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[
  92   AC_CACHE_CHECK([for max_skew in struct krb5_context],
  93                   squid_cv_max_skew_context, [
  94     AC_COMPILE_IFELSE([
  95       AC_LANG_PROGRAM([[
  96 #if HAVE_BROKEN_SOLARIS_KRB5_H
  97 #if defined(__cplusplus)
  98 #define KRB5INT_BEGIN_DECLS     extern "C" {
  99 #define KRB5INT_END_DECLS
 100 KRB5INT_BEGIN_DECLS
 101 #endif
 102 #endif
 103 #include <krb5.h>
 104 krb5_context kc; kc->max_skew = 1;
 105       ]])
 106     ],[ squid_cv_max_skew_context=yes ],
 107     [ squid_cv_max_skew_context=no ])
 108   ])
 109 ])
 110
 111 dnl check whether the kerberos context has a memory cache. Sets
 112 dnl squid_cv_memory_cache if that's the case.
 113 AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[
 114   AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [
 115     AC_RUN_IFELSE([
 116       AC_LANG_SOURCE([[
 117 #if HAVE_BROKEN_SOLARIS_KRB5_H
 118 #if defined(__cplusplus)
 119 #define KRB5INT_BEGIN_DECLS     extern "C" {
 120 #define KRB5INT_END_DECLS
 121 KRB5INT_BEGIN_DECLS
 122 #endif
 123 #endif
 124 #include <krb5.h>
 125 int main(int argc, char *argv[])
 126 {
 127     krb5_context context;
 128     krb5_ccache cc;
 129
 130     krb5_init_context(&context);
 131     return krb5_cc_resolve(context, "MEMORY:test_cache", &cc);
 132 }
 133       ]])
 134     ], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ], [:])
 135   ])
 136 ])
 137
 138
 139 dnl checks that gssapi is ok, and sets squid_cv_working_gssapi accordingly
 140 AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [
 141   AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [
 142     AC_RUN_IFELSE([AC_LANG_SOURCE([[
 143 #if USE_HEIMDAL_KRB5
 144 #if HAVE_GSSAPI_GSSAPI_H
 145 #include <gssapi/gssapi.h>
 146 #elif HAVE_GSSAPI_H
 147 #include <gssapi.h>
 148 #endif
 149 #elif USE_GNUGSS
 150 #if HAVE_GSS_H
 151 #include <gss.h>
 152 #endif
 153 #else
 154 #if HAVE_GSSAPI_GSSAPI_H
 155 #include <gssapi/gssapi.h>
 156 #elif HAVE_GSSAPI_H
 157 #include <gssapi.h>
 158 #endif
 159 #if HAVE_GSSAPI_GSSAPI_KRB5_H
 160 #include <gssapi/gssapi_krb5.h>
 161 #endif
 162 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
 163 #include <gssapi/gssapi_generic.h>
 164 #endif
 165 #endif
 166 int
 167 main(void)
 168 {
 169         OM_uint32 val;
 170         gss_OID_set set;
 171
 172         gss_create_empty_oid_set(&val, &set);
 173
 174         return 0;
 175 }
 176   ]])],  [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ], [:])])
 177 if test "x$squid_cv_working_gssapi" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0; then
 178   AC_MSG_NOTICE([Check Runtime library path !])
 179 fi
 180 ])
 181
 182 dnl check for a working spnego, and set squid_cv_have_spnego
 183 AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [
 184   AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [
 185     AC_RUN_IFELSE([AC_LANG_SOURCE([[
 186 #if USE_HEIMDAL_KRB5
 187 #if HAVE_GSSAPI_GSSAPI_H
 188 #include <gssapi/gssapi.h>
 189 #elif HAVE_GSSAPI_H
 190 #include <gssapi.h>
 191 #endif
 192 #elif USE_GNUGSS
 193 #if HAVE_GSS_H
 194 #include <gss.h>
 195 #endif
 196 #else
 197 #if HAVE_GSSAPI_GSSAPI_H
 198 #include <gssapi/gssapi.h>
 199 #elif HAVE_GSSAPI_H
 200 #include <gssapi.h>
 201 #endif
 202 #if HAVE_GSSAPI_GSSAPI_KRB5_H
 203 #include <gssapi/gssapi_krb5.h>
 204 #endif
 205 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
 206 #include <gssapi/gssapi_generic.h>
 207 #endif
 208 #endif
 209 #include <string.h>
 210 int main(int argc, char *argv[]) {
 211  OM_uint32 major_status,minor_status;
 212  gss_OID_set gss_mech_set;
 213  int i;
 214
 215 static gss_OID_desc _gss_mech_spnego  = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
 216 gss_OID gss_mech_spnego = &_gss_mech_spnego;
 217
 218  major_status = gss_indicate_mechs( &minor_status, &gss_mech_set);
 219
 220  for (i=0;i<gss_mech_set->count;i++) {
 221      if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) {
 222         return 0;
 223      }
 224  }
 225
 226  return 1;
 227 }
 228   ]])],
 229   [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])])
 230 ])
 231
 232 dnl checks that krb5 is functional. Sets squid_cv_working_krb5
 233 AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[
 234   AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [
 235     AC_RUN_IFELSE([AC_LANG_SOURCE([[
 236 #if HAVE_KRB5_H
 237 #if HAVE_BROKEN_SOLARIS_KRB5_H
 238 #if defined(__cplusplus)
 239 #define KRB5INT_BEGIN_DECLS     extern "C" {
 240 #define KRB5INT_END_DECLS
 241 KRB5INT_BEGIN_DECLS
 242 #endif
 243 #endif
 244 #if HAVE_BROKEN_HEIMDAL_KRB5_H
 245 extern "C" {
 246 #include <krb5.h>
 247 }
 248 #else
 249 #include <krb5.h>
 250 #endif
 251 #endif
 252
 253 int
 254 main(void)
 255 {
 256         krb5_context context;
 257
 258         krb5_init_context(&context);
 259
 260         return 0;
 261 }
 262   ]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ],[:])])
 263 if test "x$squid_cv_working_krb5" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0; then
 264   AC_MSG_NOTICE([Check Runtime library path !])
 265 fi
 266 ])
 267
 268
 269 dnl checks for existence of krb5 functions
 270 AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[
 271
 272   AC_CHECK_LIB(krb5,krb5_get_err_text,
 273     AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,
 274       [Define to 1 if you have krb5_get_err_text]),)
 275   AC_CHECK_LIB(krb5,krb5_get_error_message,
 276     AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1,
 277       [Define to 1 if you have krb5_get_error_message]),)
 278   AC_CHECK_DECLS(krb5_kt_free_entry,,,[#include <krb5.h>])
 279   AC_CHECK_TYPE(krb5_pac,
 280     AC_DEFINE(HAVE_KRB5_PAC,1,
 281       [Define to 1 if you have krb5_pac]),,
 282       [#include <krb5.h>])
 283   AC_CHECK_LIB(krb5,krb5_kt_free_entry,
 284     AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1,
 285       [Define to 1 if you have krb5_kt_free_entry]),)
 286   AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab,
 287     AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1,
 288       [Define to 1 if you have krb5_get_init_creds_keytab]),)
 289   AC_CHECK_LIB(krb5,krb5_get_max_time_skew,
 290     AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1,
 291       [Define to 1 if you have krb5_get_max_time_skew]),)
 292   AC_CHECK_LIB(krb5,krb5_get_profile,
 293     AC_DEFINE(HAVE_KRB5_GET_PROFILE,1,
 294       [Define to 1 if you have krb5_get_profile]),)
 295   AC_CHECK_LIB(krb5,profile_get_integer,
 296     AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1,
 297       [Define to 1 if you have profile_get_integer]),)
 298   AC_CHECK_LIB(krb5,profile_release,
 299     AC_DEFINE(HAVE_PROFILE_RELEASE,1,
 300       [Define to 1 if you have profile_release]),)
 301   AC_CHECK_LIB(krb5,krb5_get_renewed_creds,
 302     AC_DEFINE(HAVE_KRB5_GET_RENEWED_CREDS,1,
 303       [Define to 1 if you have krb5_get_renewed_creds]),)
 304   AC_CHECK_LIB(krb5,krb5_principal_get_realm,
 305     AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
 306       [Define to 1 if you have krb5_principal_get_realm]),)
 307   AC_CHECK_LIB(krb5, krb5_get_init_creds_opt_alloc,
 308     AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC,1,
 309       [Define to 1 if you have krb5_get_init_creds_opt_alloc]),)
 310   AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context])
 311   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 312         #include <krb5.h>
 313     ]],[[krb5_context context;
 314          krb5_get_init_creds_opt *options;
 315          krb5_get_init_creds_opt_free(context, options)]])],[
 316         AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_FREE_CONTEXT,1,
 317                   [Define to 1 if you krb5_get_init_creds_free requires krb5_context])
 318         AC_MSG_RESULT(yes)
 319     ],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])
 320
 321
 322   AC_CHECK_FUNCS(gss_map_name_to_any,
 323     AC_DEFINE(HAVE_GSS_MAP_ANY_TO_ANY,1,
 324       [Define to 1 if you have gss_map_name_to_any]),)
 325   AC_CHECK_FUNCS(gsskrb5_extract_authz_data_from_sec_context,
 326     AC_DEFINE(HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT,1,
 327       [Define to 1 if you have gsskrb5_extract_authz_data_from_sec_context]),)
 328
 329   SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE
 330   SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_CACHE,$squid_cv_memory_cache,
 331        [Define if kerberos has MEMORY: cache support])
 332
 333   SQUID_CHECK_WORKING_GSSAPI
 334   SQUID_DEFINE_BOOL(HAVE_GSSAPI,$squid_cv_working_gssapi,[GSSAPI support])
 335
 336   SQUID_CHECK_SPNEGO_SUPPORT
 337   SQUID_DEFINE_BOOL(HAVE_SPNEGO,$squid_cv_have_spnego,[SPNEGO support])
 338
 339   SQUID_CHECK_WORKING_KRB5
 340   SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support])
 341 ])
 342