]> git.ipfire.org Git - thirdparty/squid.git/blob - acinclude/krb5.m4
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Redux broken krb5.h handling (#1156)
[thirdparty/squid.git] / acinclude / krb5.m4
1 ## Copyright (C) 1996-2022 The Squid Software Foundation and contributors
2 ##
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
6 ##
7
8 dnl these checks must be performed in the same order as here defined,
9 dnl and have mostly been lifted out of an inlined configure.ac.
10
11 dnl checks for a broken solaris header file, and sets squid_cv_broken_krb5_h
12 dnl to yes if that's the case
13 AC_DEFUN([SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H], [
14 AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [
15 SQUID_STATE_SAVE(squid_krb5_solaris_test)
16 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
17 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
18 #include <krb5.h>
19 int i;
20 ]])], [ squid_cv_broken_krb5_h=no ], [
21 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
22 #define HAVE_BROKEN_SOLARIS_KRB5_H 1
23 #include "compat/krb5.h"
24 int i;
25 ]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ])
26 ])
27 SQUID_STATE_ROLLBACK(squid_krb5_solaris_test)
28 ])
29 ]) dnl SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H
30
31
32 AC_DEFUN([SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H], [
33 AC_CACHE_CHECK([for broken Heimdal krb5.h],squid_cv_broken_heimdal_krb5_h, [
34 SQUID_STATE_SAVE(squid_krb5_heimdal_test)
35 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
36 AC_RUN_IFELSE([AC_LANG_SOURCE([[
37 #include <krb5.h>
38 int
39 main(void)
40 {
41 krb5_context context;
42
43 krb5_init_context(&context);
44
45 return 0;
46 }
47 ]])], [ squid_cv_broken_heimdal_krb5_h=no ], [
48 AC_RUN_IFELSE([AC_LANG_SOURCE([[
49 #define HAVE_BROKEN_HEIMDAL_KRB5_H 1
50 #include "compat/krb5.h"
51 int
52 main(void)
53 {
54 krb5_context context;
55
56 krb5_init_context(&context);
57
58 return 0;
59 }
60 ]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ])
61 ])
62 SQUID_STATE_ROLLBACK(squid_krb5_heimdal_test)
63 ])
64 ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
65
66 dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context
67 AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[
68 AC_CACHE_CHECK([for max_skew in struct krb5_context],
69 squid_cv_max_skew_context, [
70 SQUID_STATE_SAVE(squid_krb5_test)
71 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
72 AC_COMPILE_IFELSE([
73 AC_LANG_PROGRAM([[
74 #include "compat/krb5.h"
75 krb5_context kc; kc->max_skew = 1;
76 ]])
77 ],[ squid_cv_max_skew_context=yes ],
78 [ squid_cv_max_skew_context=no ])
79 SQUID_STATE_ROLLBACK(squid_krb5_test)
80 ])
81 ])
82
83 dnl check whether the kerberos context has a memory cache. Sets
84 dnl squid_cv_memory_cache if that's the case.
85 AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[
86 AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [
87 SQUID_STATE_SAVE(squid_krb5_test)
88 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
89 AC_RUN_IFELSE([
90 AC_LANG_SOURCE([[
91 #include "compat/krb5.h"
92 int main(int argc, char *argv[])
93 {
94 krb5_context context;
95 krb5_ccache cc;
96
97 krb5_init_context(&context);
98 return krb5_cc_resolve(context, "MEMORY:test_cache", &cc);
99 }
100 ]])
101 ], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ], [:])
102 SQUID_STATE_ROLLBACK(squid_krb5_test)
103 ])
104 ])
105
106 dnl check whether the kerberos context has a memory keytab. Sets
107 dnl squid_cv_memory_keytab if that's the case.
108 AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB],[
109 AC_CACHE_CHECK([for memory keytab], squid_cv_memory_keytab, [
110 SQUID_STATE_SAVE(squid_krb5_test)
111 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
112 AC_RUN_IFELSE([
113 AC_LANG_SOURCE([[
114 #include "compat/krb5.h"
115 int main(int argc, char *argv[])
116 {
117 krb5_context context;
118 krb5_keytab kt;
119
120 krb5_init_context(&context);
121 return krb5_kt_resolve(context, "MEMORY:test_keytab", &kt);
122 }
123 ]])
124 ], [ squid_cv_memory_keytab=yes ], [ squid_cv_memory_keytab=no ], [:])
125 SQUID_STATE_ROLLBACK(squid_krb5_test)
126 ])
127 ])
128
129
130 dnl checks that gssapi is ok, and sets squid_cv_working_gssapi accordingly
131 AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [
132 AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [
133 AC_RUN_IFELSE([AC_LANG_SOURCE([[
134 #if USE_HEIMDAL_KRB5
135 #if HAVE_GSSAPI_GSSAPI_H
136 #include <gssapi/gssapi.h>
137 #elif HAVE_GSSAPI_H
138 #include <gssapi.h>
139 #endif
140 #elif USE_GNUGSS
141 #if HAVE_GSS_H
142 #include <gss.h>
143 #endif
144 #else
145 #if USE_APPLE_KRB5
146 #define GSSKRB_APPLE_DEPRECATED(x)
147 #endif
148 #if HAVE_GSSAPI_GSSAPI_H
149 #include <gssapi/gssapi.h>
150 #elif HAVE_GSSAPI_H
151 #include <gssapi.h>
152 #endif
153 #if HAVE_GSSAPI_GSSAPI_KRB5_H
154 #include <gssapi/gssapi_krb5.h>
155 #endif
156 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
157 #include <gssapi/gssapi_generic.h>
158 #endif
159 #endif
160 int
161 main(void)
162 {
163 OM_uint32 val;
164 gss_OID_set set;
165
166 gss_create_empty_oid_set(&val, &set);
167
168 return 0;
169 }
170 ]])], [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ], [:])])
171 AS_IF([test "x$squid_cv_working_gssapi" = "xno" -a `echo $LIBS | grep -i -c "(-)L"` -gt 0],[
172 AC_MSG_NOTICE([Check Runtime library path !])
173 ])
174 ])
175
176 dnl check for a working spnego, and set squid_cv_have_spnego
177 AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [
178 AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [
179 AC_RUN_IFELSE([AC_LANG_SOURCE([[
180 #if USE_HEIMDAL_KRB5
181 #if HAVE_GSSAPI_GSSAPI_H
182 #include <gssapi/gssapi.h>
183 #elif HAVE_GSSAPI_H
184 #include <gssapi.h>
185 #endif
186 #elif USE_GNUGSS
187 #if HAVE_GSS_H
188 #include <gss.h>
189 #endif
190 #else
191 #if USE_APPLE_KRB5
192 #define GSSKRB_APPLE_DEPRECATED(x)
193 #endif
194 #if HAVE_GSSAPI_GSSAPI_H
195 #include <gssapi/gssapi.h>
196 #elif HAVE_GSSAPI_H
197 #include <gssapi.h>
198 #endif
199 #if HAVE_GSSAPI_GSSAPI_KRB5_H
200 #include <gssapi/gssapi_krb5.h>
201 #endif
202 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
203 #include <gssapi/gssapi_generic.h>
204 #endif
205 #endif
206 #include <string.h>
207 int main(int argc, char *argv[]) {
208 OM_uint32 major_status,minor_status;
209 gss_OID_set gss_mech_set;
210 int i;
211
212 static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
213 gss_OID gss_mech_spnego = &_gss_mech_spnego;
214
215 major_status = gss_indicate_mechs( &minor_status, &gss_mech_set);
216
217 for (i=0;i<gss_mech_set->count;i++) {
218 if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) {
219 return 0;
220 }
221 }
222
223 return 1;
224 }
225 ]])],
226 [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])])
227 ])
228
229 dnl checks that krb5 is functional. Sets squid_cv_working_krb5
230 AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[
231 AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [
232 SQUID_STATE_SAVE(squid_krb5_test)
233 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
234 AC_RUN_IFELSE([AC_LANG_SOURCE([[
235 #include "compat/krb5.h"
236 int
237 main(void)
238 {
239 krb5_context context;
240
241 krb5_init_context(&context);
242
243 return 0;
244 }
245 ]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ],[:])])
246 SQUID_STATE_ROLLBACK(squid_krb5_test)
247 AS_IF([test "x$squid_cv_working_krb5" = "xno" -a `echo $LIBS | grep -i -c "(-)L"` -gt 0],[
248 AC_MSG_NOTICE([Check Runtime library path !])
249 ])
250 ])
251
252
253 dnl checks for existence of krb5 functions
254 AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[
255
256 ac_com_error_message=no
257 AS_IF([test "x$ac_cv_header_com_err_h" = "xyes"],[
258 AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes)],
259 [test "x$ac_cv_header_et_com_err_h" = "xyes"],[
260 AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes)
261 ])
262
263 AS_IF([test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes"],[
264 AC_CHECK_LIB(com_err,error_message,
265 AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),)
266 ],[test "x$ac_com_error_message" = "xyes"],[
267 AC_CHECK_LIB(krb5,error_message,
268 AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),)
269 ])
270
271 AC_CHECK_LIB(krb5,krb5_get_err_text,
272 AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,
273 [Define to 1 if you have krb5_get_err_text]),)
274 AC_CHECK_LIB(krb5,krb5_get_error_message,
275 AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1,
276 [Define to 1 if you have krb5_get_error_message]),)
277 AC_CHECK_LIB(krb5,krb5_free_error_message,
278 AC_DEFINE(HAVE_KRB5_FREE_ERROR_MESSAGE,1,
279 [Define to 1 if you have krb5_free_error_message]),)
280 AC_CHECK_LIB(krb5,krb5_free_error_string,
281 AC_DEFINE(HAVE_KRB5_FREE_ERROR_STRING,1,
282 [Define to 1 if you have krb5_free_error_string]),)
283 AC_CHECK_DECLS(krb5_kt_free_entry,,,[#include <krb5.h>])
284 AC_CHECK_TYPE(krb5_pac,
285 AC_DEFINE(HAVE_KRB5_PAC,1,
286 [Define to 1 if you have krb5_pac]),,
287 [#include <krb5.h>])
288 AC_CHECK_LIB(krb5,krb5_kt_free_entry,
289 AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1,
290 [Define to 1 if you have krb5_kt_free_entry]),)
291 AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab,
292 AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1,
293 [Define to 1 if you have krb5_get_init_creds_keytab]),)
294 AC_CHECK_LIB(krb5,krb5_get_max_time_skew,
295 AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1,
296 [Define to 1 if you have krb5_get_max_time_skew]),)
297 AC_CHECK_LIB(krb5,krb5_get_profile,
298 AC_DEFINE(HAVE_KRB5_GET_PROFILE,1,
299 [Define to 1 if you have krb5_get_profile]),)
300 AC_CHECK_LIB(krb5,profile_get_integer,
301 AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1,
302 [Define to 1 if you have profile_get_integer]),)
303 AC_CHECK_LIB(krb5,profile_release,
304 AC_DEFINE(HAVE_PROFILE_RELEASE,1,
305 [Define to 1 if you have profile_release]),)
306 AC_CHECK_LIB(krb5,krb5_get_renewed_creds,
307 AC_DEFINE(HAVE_KRB5_GET_RENEWED_CREDS,1,
308 [Define to 1 if you have krb5_get_renewed_creds]),)
309 AC_CHECK_LIB(krb5,krb5_principal_get_realm,
310 AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
311 [Define to 1 if you have krb5_principal_get_realm]),)
312 AC_CHECK_LIB(krb5, krb5_get_init_creds_opt_alloc,
313 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC,1,
314 [Define to 1 if you have krb5_get_init_creds_opt_alloc]),)
315 AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context])
316 SQUID_STATE_SAVE(squid_krb5_test)
317 CPPFLAGS="-I${srcdir:-.} $CPPFLAGS"
318 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
319 #include "compat/krb5.h"
320 ]],[[krb5_context context;
321 krb5_get_init_creds_opt *options;
322 krb5_get_init_creds_opt_free(context, options)]])],[
323 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_FREE_CONTEXT,1,
324 [Define to 1 if you krb5_get_init_creds_free requires krb5_context])
325 AC_MSG_RESULT(yes)
326 ],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])
327 SQUID_STATE_ROLLBACK(squid_krb5_test)
328
329 AC_CHECK_FUNCS(gss_map_name_to_any,
330 AC_DEFINE(HAVE_GSS_MAP_ANY_TO_ANY,1,
331 [Define to 1 if you have gss_map_name_to_any]),)
332 AC_CHECK_FUNCS(gsskrb5_extract_authz_data_from_sec_context,
333 AC_DEFINE(HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT,1,
334 [Define to 1 if you have gsskrb5_extract_authz_data_from_sec_context]),)
335
336 SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE
337 SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_CACHE,$squid_cv_memory_cache,
338 [Define if kerberos has MEMORY: cache support])
339
340 SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB
341 SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_KEYTAB,$squid_cv_memory_keytab,
342 [Define if kerberos has MEMORY: keytab support])
343
344 SQUID_CHECK_WORKING_GSSAPI
345 SQUID_DEFINE_BOOL(HAVE_GSSAPI,$squid_cv_working_gssapi,[GSSAPI support])
346
347 SQUID_CHECK_SPNEGO_SUPPORT
348 SQUID_DEFINE_BOOL(HAVE_SPNEGO,$squid_cv_have_spnego,[SPNEGO support])
349
350 SQUID_CHECK_WORKING_KRB5
351 SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support])
352 ])
353
Mirror of https://github.com/squid-cache/squid.git