basic_pam_auth: auto-detect PAM library (#2321)

diff --git a/acinclude/pam.m4 b/acinclude/pam.m4
index 87ece09635f8d5870fb0e1352b08fa8d9c575d38..97aba2c3afef1895be2ae23d157f0fcb818c6280 100644 (file)
--- a/acinclude/pam.m4
+++ b/acinclude/pam.m4
@@ -8,18 +8,17 @@
 dnl check whether PAM's struct pam_conv takes a const (linux-style) or
 dnl non-const (solaris-style) parametrs to the conv function.
 dnl
-dnl sets the shell variable squid_cv_pam_conv_signature to either
-dnl "linux", "solaris" or "unknown".
 dnl defines the C preprocessor macro PAM_CONV_FUNC_CONST_PARM to either
-dnl "static" (linux-style) or the empty string (solaris-style or default)
-
+dnl "const" (linux-style) or the empty string (solaris-style or default)
 AC_DEFUN([CHECK_STRUCT_PAM_CONV], [
   AH_TEMPLATE([PAM_CONV_FUNC_CONST_PARM],
     [Defined to const or empty depending on the style used by the OS to refer to the PAM message dialog func])
   AC_CACHE_CHECK([for PAM conversation struct signature type],
                   squid_cv_pam_conv_signature, [
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#if HAVE_SECURITY_PAM_APPL_H
 #include <security/pam_appl.h>
+#endif
 static int
 password_conversation(int, const struct pam_message **, struct pam_response **, void *) { return 0; }
 static struct pam_conv conv = { &password_conversation, 0 };
@@ -27,7 +26,9 @@ static struct pam_conv conv = { &password_conversation, 0 };
    squid_cv_pam_conv_signature=linux
 ],[
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#if HAVE_SECURITY_PAM_APPL_H
 #include <security/pam_appl.h>
+#endif
 static int
 password_conversation(int, struct pam_message **, struct pam_response **, void *) { return 0; }
 static struct pam_conv conv = { &password_conversation, 0 };
@@ -44,4 +45,13 @@ static struct pam_conv conv = { &password_conversation, 0 };
   )
 ]) dnl CHECK_STRUCT_PAM_CONV
 
-
+dnl check for --with-pam option
+AC_DEFUN_ONCE([SQUID_CHECK_LIBPAM],[
+SQUID_AUTO_LIB(pam,[Pluggable Authentication Modules],[LIBPAM])
+SQUID_CHECK_LIB_WORKS(pam,[
+  LIBS="$LIBS $LIBPAM_PATH"
+  PKG_CHECK_MODULES([LIBPAM],[pam],[:],[:])
+  CPPFLAGS="$CPPFLAGS $LIBPAM_CFLAGS"
+  AC_CHECK_HEADERS([security/pam_appl.h],[CHECK_STRUCT_PAM_CONV],[LIBPAM_LIBS=""])
+])
+]) dnl SQUID_CHECK_LIBPAM

diff --git a/doc/release-notes/release-8.sgml.in b/doc/release-notes/release-8.sgml.in
index 8ddb88821e7c9683a90f240551172fd17b9866ec..5bf3d4736e0df27917f9d15ab93ff2f79f8a14b8 100644 (file)
--- a/doc/release-notes/release-8.sgml.in
+++ b/doc/release-notes/release-8.sgml.in
@@ -144,7 +144,9 @@ This section gives an account of those changes in three categories:
 <sect1>New options<label id="newoptions">
 <p>
 <descrip>
-       <p>No new options in this version.
+       <tag>--with-pam</tag>
+       <p>New option to detect PAM (Pluggable Authentication Modules)
+          library for <em>basic_pam_auth</em> helper.
 
 </descrip>
 

diff --git a/src/auth/basic/PAM/Makefile.am b/src/auth/basic/PAM/Makefile.am
index de408cafa2d9766ea00e72ff55c2f3b11a95b85e..982fe7355b28fbaf82c4c8e55c9ff4ea8d3ddcb9 100644 (file)
--- a/src/auth/basic/PAM/Makefile.am
+++ b/src/auth/basic/PAM/Makefile.am
@@ -15,5 +15,5 @@ basic_pam_auth_SOURCES = basic_pam_auth.cc
 basic_pam_auth_LDADD = \
        $(top_builddir)/lib/libmiscencoding.la \
        $(COMPAT_LIB) \
-       -lpam \
+       $(LIBPAM_LIBS) \
        $(XTRA_LIBS)

diff --git a/src/auth/basic/PAM/required.m4 b/src/auth/basic/PAM/required.m4
index 2ab5cdbfa45df6edb103cc2cada79a937f488662..de3c86eaba17f509d8c1d3f33c1cca1795884e30 100755 (executable)
--- a/src/auth/basic/PAM/required.m4
+++ b/src/auth/basic/PAM/required.m4
@@ -5,7 +5,5 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_CHECK_HEADERS([security/pam_appl.h],[
-  BUILD_HELPER="PAM"
-  CHECK_STRUCT_PAM_CONV
-])
+dnl requires libpam, indicated by --with-pam
+AS_IF([test "x$with_pam" = "xyes"],[BUILD_HELPER="PAM"])

diff --git a/src/auth/basic/helpers.m4 b/src/auth/basic/helpers.m4
index d80700d53b5283b3097ac79b5c42ce2d757b47ed..be967a9dbf8830f1d065bf7189fe2106f2a3d230 100644 (file)
--- a/src/auth/basic/helpers.m4
+++ b/src/auth/basic/helpers.m4
@@ -5,6 +5,8 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
+SQUID_CHECK_LIBPAM
+
 AS_IF([test "x$enable_auth" != "xno"],[
   BASIC_AUTH_HELPERS=""
   SQUID_HELPER_FEATURE_CHECK([auth_basic],[$enable_auth],[auth/basic],[

diff --git a/test-suite/buildtests/layer-01-minimal.opts b/test-suite/buildtests/layer-01-minimal.opts
index 739df66af316d471f3a10bafd5c3a020a75c3065..98f761db23f739f68cb165f32d8f69c32cb91257 100644 (file)
--- a/test-suite/buildtests/layer-01-minimal.opts
+++ b/test-suite/buildtests/layer-01-minimal.opts
@@ -103,6 +103,7 @@ DISTCHECK_CONFIGURE_FLAGS=" \
        --without-dns-cname \
        --without-gnutls \
        --without-openssl \
+       --without-pam \
        --without-po2html \
        --without-psapi \
        --without-systemd \

diff --git a/test-suite/buildtests/layer-02-maximus.opts b/test-suite/buildtests/layer-02-maximus.opts
index fd3408a81ec387644bdb70a0b717c88faf0c80d2..01504aa9ddbce683219f150e9da00a092ae1b98b 100644 (file)
--- a/test-suite/buildtests/layer-02-maximus.opts
+++ b/test-suite/buildtests/layer-02-maximus.opts
@@ -47,6 +47,7 @@ MAKETEST="distcheck"
 #   --with-heimdal-krb5 \
 #   --with-mit-krb5 \
 #   --with-ldap \
+#   --with-pam \
 #
 #   --enable-cpu-profiling \  Requires CPU support.
 #   --enable-arch-native \  can fail on virtualized environments

diff --git a/test-suite/buildtests/layer-04-noauth-everything.opts b/test-suite/buildtests/layer-04-noauth-everything.opts
index 1f39b33f6c318cb5bc48f19951745a5e11eb7af0..9805f7aa30f5cebca09d5ded95f47c7c4d314c91 100644 (file)
--- a/test-suite/buildtests/layer-04-noauth-everything.opts
+++ b/test-suite/buildtests/layer-04-noauth-everything.opts
@@ -46,6 +46,7 @@ MAKETEST="distcheck"
 #   --enable-kqueue \
 #   --enable-win32-service \
 #   --with-ldap \
+#   --with-pam \
 #
 #   --enable-cpu-profiling \  Requires CPU support.
 #