targetname
mod_cflags
mod_ldflags
+krb5config
CPP
OBJEXT
EXEEXT
ac_subst_files=''
ac_user_opts='
enable_option_checking
-with_rlm_krb5_lib_dir
-with_rlm_krb5_include_dir
+with_rlm_krb5_dir
'
ac_precious_vars='build_alias
host_alias
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-rlm-krb5-lib-dir=DIR Directory for krb5 library files
- --with-rlm-krb5-include-dir=DIR Directory for krb5 include files
+ --with-rlm-krb5-dir=DIR Directory for krb5 files
Some influential environment variables:
CC C compiler command
ac_compiler_gnu=$ac_cv_c_compiler_gnu
- rlm_krb5_lib_dir=
+ rlm_krb5_dir=
-# Check whether --with-rlm-krb5-lib-dir was given.
-if test "${with_rlm_krb5_lib_dir+set}" = set; then :
- withval=$with_rlm_krb5_lib_dir; case "$withval" in
+# Check whether --with-rlm-krb5-dir was given.
+if test "${with_rlm_krb5_dir+set}" = set; then :
+ withval=$with_rlm_krb5_dir; case "$withval" in
no)
- as_fn_error $? "Need rlm-krb5-lib-dir" "$LINENO" 5
+ as_fn_error $? "Need rlm-krb5-dir" "$LINENO" 5
;;
yes)
;;
*)
- rlm_krb5_lib_dir="$withval"
+ rlm_krb5_dir="$withval"
;;
esac
fi
- rlm_krb5_inc_dir=
-
-# Check whether --with-rlm-krb5-include-dir was given.
-if test "${with_rlm_krb5_include_dir+set}" = set; then :
- withval=$with_rlm_krb5_include_dir; case "$withval" in
- no)
- as_fn_error $? "Need rlm-krb5-include-dir" "$LINENO" 5
- ;;
- yes)
- ;;
- *)
- rlm_krb5_include_dir="$withval"
- ;;
- esac
+ # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_krb5config+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $krb5config in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_krb5config="$krb5config" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="${rlm_krb5_dir}/bin:${PATH}:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_krb5config="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+ test -z "$ac_cv_path_krb5config" && ac_cv_path_krb5config="not-found"
+ ;;
+esac
+fi
+krb5config=$ac_cv_path_krb5config
+if test -n "$krb5config"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5config" >&5
+$as_echo "$krb5config" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
- smart_try_dir=$rlm_krb5_include_dir
+ if test "krb5config" != "not-found"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5
+$as_echo_n "checking krb5-config CFLAGS... " >&6; }
+ SMART_CFLAGS=$($krb5config --cflags)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_CFLAGS}" >&5
+$as_echo "${SMART_CFLAGS}" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5
+$as_echo_n "checking krb5-config LDFLAGS... " >&6; }
+ SMART_LIBS=$($krb5config --libs)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_LIBS}" >&5
+$as_echo "${SMART_LIBS}" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config reported version" >&5
+$as_echo_n "checking krb5-config reported version... " >&6; }
+ krb5_version_raw=$($krb5config --version)
+
+ krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
+ awk '{split($(4),v,"."); if (v["3"] == "") v["3"] = "0"; print v["1"]v["2"]v["3"] }')
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${krb5_version_raw} ($krb5_version)" >&5
+$as_echo "${krb5_version_raw} ($krb5_version)" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config reported vendor" >&5
+$as_echo_n "checking krb5-config reported vendor... " >&6; }
+ krb5_vendor=$($krb5config --vendor)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${krb5_vendor}" >&5
+$as_echo "${krb5_vendor}" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking canonical API type" >&5
+$as_echo_n "checking canonical API type... " >&6; }
+ if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
+ echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: MIT" >&5
+$as_echo "MIT" >&6; }
+
+ if test "$krb5_version" -le 1114 > /dev/null 2>&1; then
+ krb5threadsafe=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: marking libkrb5 as non-threadsafe due to defects in MIT libkrb5 <= 1.11.4" >&5
+$as_echo "$as_me: marking libkrb5 as non-threadsafe due to defects in MIT libkrb5 <= 1.11.4" >&6;}
+ fi
+ else
+ krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: HEIMDAL" >&5
+$as_echo "HEIMDAL" >&6; }
+ fi
+ else
+ smart_try_dir="$rlm_krb5_dir/include"
SMART_CFLAGS="$SMART_CFLAGS $smart_include"
fi
- if test "$ac_cv_header_krb5_h" != "yes"; then
- fail="$fail krb5.h"
- fi
+ if test "$ac_cv_header_krb5_h" != "yes"; then
+ fail="$fail krb5.h"
+ fi
SMART_CFLAGS="$SMART_CFLAGS $smart_include"
fi
- if test "$ac_cv_header_com_err_h" != "yes"; then
+ if test "$ac_cv_header_com_err_h" != "yes"; then
ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'`
SMART_CFLAGS="$SMART_CFLAGS $smart_include"
fi
- if test "$ac_cv_header_et_com_err_h" != "yes"; then
- fail="$fail com_err.h"
- else
- krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
- fi
- fi
+ if test "$ac_cv_header_et_com_err_h" != "yes"; then
+ fail="$fail com_err.h"
+ else
+ krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
+ fi
+ fi
- krb5libcrypto=
- smart_try_dir=$rlm_krb5_lib_dir
+ krb5libcrypto=
+ smart_try_dir="$rlm_krb5_dir/lib"
sm_lib_safe=`echo "k5crypto" | sed 'y%./+-%__p_%'`
SMART_LIBS="$smart_lib $SMART_LIBS"
fi
- if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
- krb5libcrypto="-lk5crypto"
- fi
+ if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
+ krb5libcrypto="-lk5crypto"
+ fi
- if test "x$krb5libcrypto" = x; then
+ if test "x$krb5libcrypto" = x; then
sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
SMART_LIBS="$smart_lib $SMART_LIBS"
fi
- if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
- krb5libcrypto="-lcrypto"
+ if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
+ krb5libcrypto="-lcrypto"
+ fi
fi
- fi
- if test "x$krb5libcrypto" = x; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&5
+ if test "x$krb5libcrypto" = x; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&5
$as_echo "$as_me: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are found!" >&2;}
- fi
+ fi
SMART_LIBS="$smart_lib $SMART_LIBS"
fi
- if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: the comm_err library isn't found!" >&5
+ if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: the comm_err library isn't found!" >&5
$as_echo "$as_me: WARNING: the comm_err library isn't found!" >&2;}
- fi
+ fi
SMART_LIBS="$smart_lib $SMART_LIBS"
fi
- if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
- krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
- else
+ if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
+ krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
+ else
sm_lib_safe=`echo "krb5" | sed 'y%./+-%__p_%'`
SMART_LIBS="$smart_lib $SMART_LIBS"
fi
- if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
- fail="$fail krb5"
- fi
+ if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
+ fail="$fail krb5"
+ fi
+ fi
+
fi
- krb5threadsafe=
+ if test "$krb5threadsafe" == ""; then
+ krb5threadsafe=
sm_lib_safe=`echo "krb5" | sed 'y%./+-%__p_%'`
SMART_LIBS="$smart_lib $SMART_LIBS"
fi
- if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then
- if test "$cross_compiling" = yes; then :
+
+ if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then
+ if test "$cross_compiling" = yes; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot run test program while cross compiling
conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
+ fi
fi
targetname=rlm_krb5
fi
fi
-mod_ldflags="${krb5libcrypto} ${SMART_LIBS}"
+mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}"
mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}"
AC_PROG_CC
AC_PROG_CPP
- dnl extra argument: --with-rlm-krb5-lib-dir
- rlm_krb5_lib_dir=
- AC_ARG_WITH(rlm-krb5-lib-dir,
- [ --with-rlm-krb5-lib-dir=DIR Directory for krb5 library files []],
+ dnl extra argument: --with-rlm-krb5-dir
+ rlm_krb5_dir=
+ AC_ARG_WITH(rlm-krb5-dir,
+ [ --with-rlm-krb5-dir=DIR Directory for krb5 files []],
[ case "$withval" in
no)
- AC_MSG_ERROR(Need rlm-krb5-lib-dir)
+ AC_MSG_ERROR(Need rlm-krb5-dir)
;;
yes)
;;
*)
- rlm_krb5_lib_dir="$withval"
+ rlm_krb5_dir="$withval"
;;
esac ]
)
- dnl extra argument: --with-rlm-krb5-include-dir
- rlm_krb5_inc_dir=
- AC_ARG_WITH(rlm-krb5-include-dir,
- [ --with-rlm-krb5-include-dir=DIR Directory for krb5 include files []],
- [ case "$withval" in
- no)
- AC_MSG_ERROR(Need rlm-krb5-include-dir)
- ;;
- yes)
- ;;
- *)
- rlm_krb5_include_dir="$withval"
- ;;
- esac ]
- )
+ AC_PATH_PROG(krb5config, krb5-config, not-found, [${rlm_krb5_dir}/bin:${PATH}:/usr/bin:/usr/local/bin])
+ dnl #
+ dnl # If we can find krb5-config we can get the version of the library and determine
+ dnl # whether it's safe to enable threading.
+ dnl #
+ if test "krb5config" != "not-found"; then
+ AC_MSG_CHECKING([krb5-config CFLAGS])
+ SMART_CFLAGS=$($krb5config --cflags)
+ AC_MSG_RESULT(${SMART_CFLAGS})
- smart_try_dir=$rlm_krb5_include_dir
- FR_SMART_CHECK_INCLUDE(krb5.h)
- if test "$ac_cv_header_krb5_h" != "yes"; then
- fail="$fail krb5.h"
- fi
+ AC_MSG_CHECKING([krb5-config LDFLAGS])
+ SMART_LIBS=$($krb5config --libs)
+ AC_MSG_RESULT(${SMART_LIBS})
- dnl #
- dnl # This lives in different places depending on the distro
- dnl #
-
- FR_SMART_CHECK_INCLUDE([com_err.h])
- if test "$ac_cv_header_com_err_h" != "yes"; then
- FR_SMART_CHECK_INCLUDE([et/com_err.h])
- if test "$ac_cv_header_et_com_err_h" != "yes"; then
- fail="$fail com_err.h"
- else
- krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
- fi
- fi
+ AC_MSG_CHECKING([krb5-config reported version])
+ krb5_version_raw=$($krb5config --version)
- krb5libcrypto=
- smart_try_dir=$rlm_krb5_lib_dir
- FR_SMART_CHECK_LIB(k5crypto, krb5_encrypt_data)
- if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
- krb5libcrypto="-lk5crypto"
- fi
+ dnl # AWK originally from from https://github.com/hpc/lustre
+ krb5_version=$(echo "$krb5_version_raw" | head -n 1 | \
+ awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }')
+ AC_MSG_RESULT([${krb5_version_raw} ($krb5_version)])
- if test "x$krb5libcrypto" = x; then
- FR_SMART_CHECK_LIB(crypto, DH_new)
- if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
- krb5libcrypto="-lcrypto"
- fi
- fi
+ AC_MSG_CHECKING([krb5-config reported vendor])
+ krb5_vendor=$($krb5config --vendor)
+ AC_MSG_RESULT([${krb5_vendor}])
- if test "x$krb5libcrypto" = x; then
- AC_MSG_WARN([neither krb5 'k5crypto' nor 'crypto' libraries are found!])
- fi
-
- FR_SMART_CHECK_LIB(com_err, set_com_err_hook)
- if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
- AC_MSG_WARN([the comm_err library isn't found!])
- fi
-
- dnl Only the heimdal version of the library has this function
- FR_SMART_CHECK_LIB(krb5, krb5_verify_user_opt)
- if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
- krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
+ AC_MSG_CHECKING([canonical API type])
+ if test "$krb5_vendor" = "Massachusetts Institute of Technology" || \
+ echo "$krb5_vendor" | grep -i 'MIT' > /dev/null 2>&1 ; then
+ AC_MSG_RESULT([MIT])
+
+ if test "$krb5_version" -le 1114 > /dev/null 2>&1; then
+ krb5threadsafe=no
+ AC_MSG_NOTICE([marking libkrb5 as non-threadsafe due to defects in MIT libkrb5 <= 1.11.4])
+ fi
+ else
+ krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
+ AC_MSG_RESULT([HEIMDAL])
+ fi
else
- FR_SMART_CHECK_LIB(krb5, krb5_get_init_creds_password)
- if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
- fail="$fail krb5"
- fi
+ smart_try_dir="$rlm_krb5_dir/include"
+ FR_SMART_CHECK_INCLUDE(krb5.h)
+ if test "$ac_cv_header_krb5_h" != "yes"; then
+ fail="$fail krb5.h"
+ fi
+
+ dnl #
+ dnl # This lives in different places depending on the distro
+ dnl #
+
+ FR_SMART_CHECK_INCLUDE([com_err.h])
+ if test "$ac_cv_header_com_err_h" != "yes"; then
+ FR_SMART_CHECK_INCLUDE([et/com_err.h])
+ if test "$ac_cv_header_et_com_err_h" != "yes"; then
+ fail="$fail com_err.h"
+ else
+ krb5mod_cflags="$krb5mod_cflags -DET_COMM_ERR "
+ fi
+ fi
+
+ krb5libcrypto=
+ smart_try_dir="$rlm_krb5_dir/lib"
+ FR_SMART_CHECK_LIB(k5crypto, krb5_encrypt_data)
+ if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
+ krb5libcrypto="-lk5crypto"
+ fi
+
+ if test "x$krb5libcrypto" = x; then
+ FR_SMART_CHECK_LIB(crypto, DH_new)
+ if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
+ krb5libcrypto="-lcrypto"
+ fi
+ fi
+
+ if test "x$krb5libcrypto" = x; then
+ AC_MSG_WARN([neither krb5 'k5crypto' nor 'crypto' libraries are found!])
+ fi
+
+ FR_SMART_CHECK_LIB(com_err, set_com_err_hook)
+ if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
+ AC_MSG_WARN([the comm_err library isn't found!])
+ fi
+
+ dnl Only the heimdal version of the library has this function
+ FR_SMART_CHECK_LIB(krb5, krb5_verify_user_opt)
+ if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
+ krb5mod_cflags="$krb5mod_cflags -DHEIMDAL_KRB5"
+ else
+ FR_SMART_CHECK_LIB(krb5, krb5_get_init_creds_password)
+ if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
+ fail="$fail krb5"
+ fi
+ fi
+
fi
-
- krb5threadsafe=
- FR_SMART_CHECK_LIB(krb5, krb5_is_thread_safe)
- if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then
- AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[return krb5_is_thread_safe() ? 0 : 1]])],
- [krb5threadsafe="-DKRB5_IS_THREAD_SAFE"], [AC_MSG_WARN([[libkrb5 is not threadsafe]])])
+
+ dnl #
+ dnl # Only check if version checks have not found kerberos to be thread unsafe
+ dnl #
+ if test "$krb5threadsafe" == ""; then
+ krb5threadsafe=
+ FR_SMART_CHECK_LIB(krb5, krb5_is_thread_safe)
+
+ if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[return krb5_is_thread_safe() ? 0 : 1]])],
+ [krb5threadsafe="-DKRB5_IS_THREAD_SAFE"], [AC_MSG_WARN([[libkrb5 is not threadsafe]])])
+ fi
fi
targetname=modname
fi
fi
-mod_ldflags="${krb5libcrypto} ${SMART_LIBS}"
+mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}"
mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}"
AC_SUBST(mod_ldflags)
# include <com_err.h>
#endif
-/*
- * Work around bug in krb5_copy_context which attempts to copy the list
- * of tgs_kytpes and tkt_ktypes associated with a context... except by
- * default the pointers to those lists are NULL, and so it SEGVs
- *
- * The functions sigs below are not provided by krb5.h, but are available
- * in the library.
- */
-#if !defined(HEIMDAL_KRB5) && defined(KRB5_IS_THREAD_SAFE)
-krb5_error_code
-krb5_set_default_in_tkt_ktypes(krb5_context context, const krb5_enctype *etypes);
-
-krb5_error_code
-krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes);
-
-krb5_error_code
-krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_enctype **ktypes);
-
-krb5_error_code
-krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes);
-
-void
-krb5_free_ktypes(krb5_context context, krb5_enctype *val);
-#endif
-
/** Instance configuration for rlm_krb5
*
* Holds the configuration and preparsed data for a instance of rlm_krb5.
krb5_verify_init_creds_opt_init(inst->vic_options);
krb5_verify_init_creds_opt_set_ap_req_nofail(inst->vic_options, true);
-
-# ifdef KRB5_IS_THREAD_SAFE
- /*
- * Explicitly set enctypes to work around bug in krb5_copy_context
- */
- {
- krb5_enctype *enctypes;
-
- krb5_get_default_in_tkt_ktypes(inst->context, &enctypes);
- krb5_set_default_in_tkt_ktypes(inst->context, enctypes);
- krb5_free_ktypes(inst->context, enctypes);
-
- krb5_get_tgs_ktypes(inst->context, inst->server, &enctypes);
- krb5_set_default_tgs_ktypes(inst->context, enctypes);
- krb5_free_ktypes(inst->context, enctypes);
- }
-# endif
#endif
return 0;
projects / thirdparty / freeradius-server.git / commitdiff
