acinclude/krb5.m4

   1 ## Copyright (C) 1996-2022 The Squid Software Foundation and contributors
   2 ##
   3 ## Squid software is distributed under GPLv2+ license and includes
   4 ## contributions from numerous individuals and organizations.
   5 ## Please see the COPYING and CONTRIBUTORS files for details.
   6 ##
   7
   8 dnl these checks must be performed in the same order as here defined,
   9 dnl and have mostly been lifted out of an inlined configure.ac.
  10
  11 dnl checks for a broken solaris header file, and sets squid_cv_broken_krb5_h
  12 dnl to yes if that's the case
  13 AC_DEFUN([SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H], [
  14   AC_CACHE_CHECK([for broken Solaris krb5.h],squid_cv_broken_krb5_h, [
  15     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  16 #include <krb5.h>
  17 int i;
  18 ]])], [ squid_cv_broken_krb5_h=no ], [
  19     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  20 #if defined(__cplusplus)
  21 #define KRB5INT_BEGIN_DECLS     extern "C" {
  22 #define KRB5INT_END_DECLS
  23 KRB5INT_BEGIN_DECLS
  24 #endif
  25 #include <krb5.h>
  26 int i;
  27 ]])], [ squid_cv_broken_krb5_h=yes ], [ squid_cv_broken_krb5_h=no ])
  28     ])
  29   ])
  30 ]) dnl SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H
  31
  32
  33 AC_DEFUN([SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H], [
  34   AC_CACHE_CHECK([for broken Heimdal krb5.h],squid_cv_broken_heimdal_krb5_h, [
  35     AC_RUN_IFELSE([AC_LANG_SOURCE([[
  36 #include <krb5.h>
  37 int
  38 main(void)
  39 {
  40         krb5_context context;
  41
  42         krb5_init_context(&context);
  43
  44         return 0;
  45 }
  46 ]])], [ squid_cv_broken_heimdal_krb5_h=no ], [
  47     AC_RUN_IFELSE([AC_LANG_SOURCE([[
  48 #if defined(__cplusplus)
  49 extern "C" {
  50 #endif
  51 #include <krb5.h>
  52 #if defined(__cplusplus)
  53 }
  54 #endif
  55 int
  56 main(void)
  57 {
  58         krb5_context context;
  59
  60         krb5_init_context(&context);
  61
  62         return 0;
  63 }
  64 ]])], [ squid_cv_broken_heimdal_krb5_h=yes ], [ squid_cv_broken_heimdal_krb5_h=no ])
  65     ])
  66   ])
  67 ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
  68
  69 dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context
  70 AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[
  71   AC_CACHE_CHECK([for max_skew in struct krb5_context],
  72                   squid_cv_max_skew_context, [
  73     AC_COMPILE_IFELSE([
  74       AC_LANG_PROGRAM([[
  75 #if HAVE_BROKEN_SOLARIS_KRB5_H
  76 #if defined(__cplusplus)
  77 #define KRB5INT_BEGIN_DECLS     extern "C" {
  78 #define KRB5INT_END_DECLS
  79 KRB5INT_BEGIN_DECLS
  80 #endif
  81 #endif
  82 #if USE_APPLE_KRB5
  83 #define KERBEROS_APPLE_DEPRECATED(x)
  84 #endif
  85 #include <krb5.h>
  86 krb5_context kc; kc->max_skew = 1;
  87       ]])
  88     ],[ squid_cv_max_skew_context=yes ],
  89     [ squid_cv_max_skew_context=no ])
  90   ])
  91 ])
  92
  93 dnl check whether the kerberos context has a memory cache. Sets
  94 dnl squid_cv_memory_cache if that's the case.
  95 AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[
  96   AC_CACHE_CHECK([for memory cache], squid_cv_memory_cache, [
  97     AC_RUN_IFELSE([
  98       AC_LANG_SOURCE([[
  99 #if HAVE_BROKEN_SOLARIS_KRB5_H
 100 #if defined(__cplusplus)
 101 #define KRB5INT_BEGIN_DECLS     extern "C" {
 102 #define KRB5INT_END_DECLS
 103 KRB5INT_BEGIN_DECLS
 104 #endif
 105 #endif
 106 #if USE_APPLE_KRB5
 107 #define KERBEROS_APPLE_DEPRECATED(x)
 108 #endif
 109 #include <krb5.h>
 110 int main(int argc, char *argv[])
 111 {
 112     krb5_context context;
 113     krb5_ccache cc;
 114
 115     krb5_init_context(&context);
 116     return krb5_cc_resolve(context, "MEMORY:test_cache", &cc);
 117 }
 118       ]])
 119     ], [ squid_cv_memory_cache=yes ], [ squid_cv_memory_cache=no ], [:])
 120   ])
 121 ])
 122
 123 dnl check whether the kerberos context has a memory keytab. Sets
 124 dnl squid_cv_memory_keytab if that's the case.
 125 AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB],[
 126   AC_CACHE_CHECK([for memory keytab], squid_cv_memory_keytab, [
 127     AC_RUN_IFELSE([
 128       AC_LANG_SOURCE([[
 129 #if HAVE_BROKEN_SOLARIS_KRB5_H
 130 #if defined(__cplusplus)
 131 #define KRB5INT_BEGIN_DECLS     extern "C" {
 132 #define KRB5INT_END_DECLS
 133 KRB5INT_BEGIN_DECLS
 134 #endif
 135 #endif
 136 #if USE_APPLE_KRB5
 137 #define KERBEROS_APPLE_DEPRECATED(x)
 138 #endif
 139 #include <krb5.h>
 140 int main(int argc, char *argv[])
 141 {
 142     krb5_context context;
 143     krb5_keytab kt;
 144
 145     krb5_init_context(&context);
 146     return krb5_kt_resolve(context, "MEMORY:test_keytab", &kt);
 147 }
 148       ]])
 149     ], [ squid_cv_memory_keytab=yes ], [ squid_cv_memory_keytab=no ], [:])
 150   ])
 151 ])
 152
 153
 154 dnl checks that gssapi is ok, and sets squid_cv_working_gssapi accordingly
 155 AC_DEFUN([SQUID_CHECK_WORKING_GSSAPI], [
 156   AC_CACHE_CHECK([for working gssapi], squid_cv_working_gssapi, [
 157     AC_RUN_IFELSE([AC_LANG_SOURCE([[
 158 #if USE_HEIMDAL_KRB5
 159 #if HAVE_GSSAPI_GSSAPI_H
 160 #include <gssapi/gssapi.h>
 161 #elif HAVE_GSSAPI_H
 162 #include <gssapi.h>
 163 #endif
 164 #elif USE_GNUGSS
 165 #if HAVE_GSS_H
 166 #include <gss.h>
 167 #endif
 168 #else
 169 #if USE_APPLE_KRB5
 170 #define GSSKRB_APPLE_DEPRECATED(x)
 171 #endif
 172 #if HAVE_GSSAPI_GSSAPI_H
 173 #include <gssapi/gssapi.h>
 174 #elif HAVE_GSSAPI_H
 175 #include <gssapi.h>
 176 #endif
 177 #if HAVE_GSSAPI_GSSAPI_KRB5_H
 178 #include <gssapi/gssapi_krb5.h>
 179 #endif
 180 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
 181 #include <gssapi/gssapi_generic.h>
 182 #endif
 183 #endif
 184 int
 185 main(void)
 186 {
 187         OM_uint32 val;
 188         gss_OID_set set;
 189
 190         gss_create_empty_oid_set(&val, &set);
 191
 192         return 0;
 193 }
 194   ]])],  [ squid_cv_working_gssapi=yes ], [ squid_cv_working_gssapi=no ], [:])])
 195   AS_IF([test "x$squid_cv_working_gssapi" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0],[
 196     AC_MSG_NOTICE([Check Runtime library path !])
 197   ])
 198 ])
 199
 200 dnl check for a working spnego, and set squid_cv_have_spnego
 201 AC_DEFUN([SQUID_CHECK_SPNEGO_SUPPORT], [
 202   AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [
 203     AC_RUN_IFELSE([AC_LANG_SOURCE([[
 204 #if USE_HEIMDAL_KRB5
 205 #if HAVE_GSSAPI_GSSAPI_H
 206 #include <gssapi/gssapi.h>
 207 #elif HAVE_GSSAPI_H
 208 #include <gssapi.h>
 209 #endif
 210 #elif USE_GNUGSS
 211 #if HAVE_GSS_H
 212 #include <gss.h>
 213 #endif
 214 #else
 215 #if USE_APPLE_KRB5
 216 #define GSSKRB_APPLE_DEPRECATED(x)
 217 #endif
 218 #if HAVE_GSSAPI_GSSAPI_H
 219 #include <gssapi/gssapi.h>
 220 #elif HAVE_GSSAPI_H
 221 #include <gssapi.h>
 222 #endif
 223 #if HAVE_GSSAPI_GSSAPI_KRB5_H
 224 #include <gssapi/gssapi_krb5.h>
 225 #endif
 226 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
 227 #include <gssapi/gssapi_generic.h>
 228 #endif
 229 #endif
 230 #include <string.h>
 231 int main(int argc, char *argv[]) {
 232  OM_uint32 major_status,minor_status;
 233  gss_OID_set gss_mech_set;
 234  int i;
 235
 236 static gss_OID_desc _gss_mech_spnego  = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
 237 gss_OID gss_mech_spnego = &_gss_mech_spnego;
 238
 239  major_status = gss_indicate_mechs( &minor_status, &gss_mech_set);
 240
 241  for (i=0;i<gss_mech_set->count;i++) {
 242      if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) {
 243         return 0;
 244      }
 245  }
 246
 247  return 1;
 248 }
 249   ]])],
 250   [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])])
 251 ])
 252
 253 dnl checks that krb5 is functional. Sets squid_cv_working_krb5
 254 AC_DEFUN([SQUID_CHECK_WORKING_KRB5],[
 255   AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [
 256     AC_RUN_IFELSE([AC_LANG_SOURCE([[
 257 #if USE_APPLE_KRB5
 258 #define KERBEROS_APPLE_DEPRECATED(x)
 259 #endif
 260 #if HAVE_KRB5_H
 261 #if HAVE_BROKEN_SOLARIS_KRB5_H
 262 #if defined(__cplusplus)
 263 #define KRB5INT_BEGIN_DECLS     extern "C" {
 264 #define KRB5INT_END_DECLS
 265 KRB5INT_BEGIN_DECLS
 266 #endif
 267 #endif
 268 #if HAVE_BROKEN_HEIMDAL_KRB5_H
 269 extern "C" {
 270 #include <krb5.h>
 271 }
 272 #else
 273 #include <krb5.h>
 274 #endif
 275 #endif
 276
 277 int
 278 main(void)
 279 {
 280         krb5_context context;
 281
 282         krb5_init_context(&context);
 283
 284         return 0;
 285 }
 286   ]])], [ squid_cv_working_krb5=yes ], [ squid_cv_working_krb5=no ],[:])])
 287   AS_IF([test "x$squid_cv_working_krb5" = "xno" -a `echo $LIBS | grep -i -c "\-L"` -gt 0],[
 288     AC_MSG_NOTICE([Check Runtime library path !])
 289   ])
 290 ])
 291
 292
 293 dnl checks for existence of krb5 functions
 294 AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[
 295
 296   ac_com_error_message=no
 297   AS_IF([test "x$ac_cv_header_com_err_h" = "xyes"],[
 298     AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes)],
 299   [test "x$ac_cv_header_et_com_err_h" = "xyes"],[
 300     AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes)
 301   ])
 302
 303   AS_IF([test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" = "xyes"],[
 304     AC_CHECK_LIB(com_err,error_message,
 305       AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),)
 306   ],[test  "x$ac_com_error_message" = "xyes"],[
 307     AC_CHECK_LIB(krb5,error_message,
 308       AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),)
 309   ])
 310
 311   AC_CHECK_LIB(krb5,krb5_get_err_text,
 312     AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,
 313       [Define to 1 if you have krb5_get_err_text]),)
 314   AC_CHECK_LIB(krb5,krb5_get_error_message,
 315     AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1,
 316       [Define to 1 if you have krb5_get_error_message]),)
 317   AC_CHECK_LIB(krb5,krb5_free_error_message,
 318     AC_DEFINE(HAVE_KRB5_FREE_ERROR_MESSAGE,1,
 319       [Define to 1 if you have krb5_free_error_message]),)
 320   AC_CHECK_LIB(krb5,krb5_free_error_string,
 321     AC_DEFINE(HAVE_KRB5_FREE_ERROR_STRING,1,
 322       [Define to 1 if you have krb5_free_error_string]),)
 323   AC_CHECK_DECLS(krb5_kt_free_entry,,,[#include <krb5.h>])
 324   AC_CHECK_TYPE(krb5_pac,
 325     AC_DEFINE(HAVE_KRB5_PAC,1,
 326       [Define to 1 if you have krb5_pac]),,
 327       [#include <krb5.h>])
 328   AC_CHECK_LIB(krb5,krb5_kt_free_entry,
 329     AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1,
 330       [Define to 1 if you have krb5_kt_free_entry]),)
 331   AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab,
 332     AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1,
 333       [Define to 1 if you have krb5_get_init_creds_keytab]),)
 334   AC_CHECK_LIB(krb5,krb5_get_max_time_skew,
 335     AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1,
 336       [Define to 1 if you have krb5_get_max_time_skew]),)
 337   AC_CHECK_LIB(krb5,krb5_get_profile,
 338     AC_DEFINE(HAVE_KRB5_GET_PROFILE,1,
 339       [Define to 1 if you have krb5_get_profile]),)
 340   AC_CHECK_LIB(krb5,profile_get_integer,
 341     AC_DEFINE(HAVE_PROFILE_GET_INTEGER,1,
 342       [Define to 1 if you have profile_get_integer]),)
 343   AC_CHECK_LIB(krb5,profile_release,
 344     AC_DEFINE(HAVE_PROFILE_RELEASE,1,
 345       [Define to 1 if you have profile_release]),)
 346   AC_CHECK_LIB(krb5,krb5_get_renewed_creds,
 347     AC_DEFINE(HAVE_KRB5_GET_RENEWED_CREDS,1,
 348       [Define to 1 if you have krb5_get_renewed_creds]),)
 349   AC_CHECK_LIB(krb5,krb5_principal_get_realm,
 350     AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
 351       [Define to 1 if you have krb5_principal_get_realm]),)
 352   AC_CHECK_LIB(krb5, krb5_get_init_creds_opt_alloc,
 353     AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC,1,
 354       [Define to 1 if you have krb5_get_init_creds_opt_alloc]),)
 355   AC_MSG_CHECKING([for krb5_get_init_creds_free requires krb5_context])
 356   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 357         #if USE_APPLE_KRB5
 358         #define KERBEROS_APPLE_DEPRECATED(x)
 359         #endif
 360         #include <krb5.h>
 361     ]],[[krb5_context context;
 362          krb5_get_init_creds_opt *options;
 363          krb5_get_init_creds_opt_free(context, options)]])],[
 364         AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_FREE_CONTEXT,1,
 365                   [Define to 1 if you krb5_get_init_creds_free requires krb5_context])
 366         AC_MSG_RESULT(yes)
 367     ],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])
 368
 369   AC_CHECK_FUNCS(gss_map_name_to_any,
 370     AC_DEFINE(HAVE_GSS_MAP_ANY_TO_ANY,1,
 371       [Define to 1 if you have gss_map_name_to_any]),)
 372   AC_CHECK_FUNCS(gsskrb5_extract_authz_data_from_sec_context,
 373     AC_DEFINE(HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT,1,
 374       [Define to 1 if you have gsskrb5_extract_authz_data_from_sec_context]),)
 375
 376   SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE
 377   SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_CACHE,$squid_cv_memory_cache,
 378        [Define if kerberos has MEMORY: cache support])
 379
 380   SQUID_CHECK_KRB5_CONTEXT_MEMORY_KEYTAB
 381   SQUID_DEFINE_BOOL(HAVE_KRB5_MEMORY_KEYTAB,$squid_cv_memory_keytab,
 382        [Define if kerberos has MEMORY: keytab support])
 383
 384   SQUID_CHECK_WORKING_GSSAPI
 385   SQUID_DEFINE_BOOL(HAVE_GSSAPI,$squid_cv_working_gssapi,[GSSAPI support])
 386
 387   SQUID_CHECK_SPNEGO_SUPPORT
 388   SQUID_DEFINE_BOOL(HAVE_SPNEGO,$squid_cv_have_spnego,[SPNEGO support])
 389
 390   SQUID_CHECK_WORKING_KRB5
 391   SQUID_DEFINE_BOOL(HAVE_KRB5,$squid_cv_working_krb5,[KRB5 support])
 392 ])
 393