From 0d57ed2e8fd8a9721e7577e4deeb2a486972db9a Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Sat, 24 Sep 2022 11:52:35 +0000 Subject: [PATCH] Improve LDAP library detection (#1148) Add --with-ldap and pkg-config support to speed up Squid builds where LDAP is not to be used. This also adds support for custom LDAP library locations like other --with-foo options. 'pkg-config --libs ldap' finds both -lldap and -llber. Stop using different variables for them in Makefile.am. Extract LDAP API tests into simpler dedicated macros and stop polluting LIBS when running LDAP tests. --- acinclude/ldap.m4 | 98 +++++++ configure.ac | 244 +++--------------- doc/release-notes/release-5.sgml | 6 + src/acl/external/LDAP_group/Makefile.am | 3 +- .../external/eDirectory_userip/Makefile.am | 3 +- .../external/kerberos_ldap_group/Makefile.am | 3 +- src/auth/basic/LDAP/Makefile.am | 3 +- src/auth/digest/LDAP/Makefile.am | 3 +- src/auth/digest/eDirectory/Makefile.am | 3 +- test-suite/buildtests/layer-01-minimal.opts | 1 + test-suite/buildtests/layer-02-maximus.opts | 1 + .../layer-04-noauth-everything.opts | 1 + 12 files changed, 147 insertions(+), 222 deletions(-) create mode 100644 acinclude/ldap.m4 diff --git a/acinclude/ldap.m4 b/acinclude/ldap.m4 new file mode 100644 index 0000000000..88cfd119e9 --- /dev/null +++ b/acinclude/ldap.m4 @@ -0,0 +1,98 @@ +# Copyright (C) 1996-2022 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +dnl checks for LDAP functionality +AC_DEFUN([SQUID_LDAP_TEST],[ + AC_CACHE_CHECK([for $1],[squid_cv_$1],[ + SQUID_STATE_SAVE(squid_ldap_test_state) + LIBS="$LIBLDAP_PATH $LIBLDAP_LIBS $LIBPTHREADS" + CPPFLAGS="-DLDAP_DEPRECATED=1 -DLDAP_REFERRALS $CPPFLAGS" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +# if HAVE_LDAP_H +# include +# elif HAVE_MOZLDAP_LDAP_H +# include +# endif + ]],[[$2]]) + ],[ + squid_cv_$1=1 + ],[ + squid_cv_$1=0 + ],[ + squid_cv_$1=0 + ]) + SQUID_STATE_ROLLBACK(squid_ldap_test_state) + ]) + AC_DEFINE_UNQUOTED([HAVE_$1],${squid_cv_$1},[Define to 1 if you have $1]) +]) + +dnl similar to SQUID_LDAP_TEST but runs the test program +AC_DEFUN([SQUID_LDAP_TEST_RUN],[ + AC_CACHE_CHECK([for $1],[m4_translit([squid_cv_$1],[-+. ],[____])],[ + SQUID_STATE_SAVE(squid_ldap_test_state) + LIBS="$LIBLDAP_PATH $LIBLDAP_LIBS $LIBPTHREADS" + CPPFLAGS="-DLDAP_DEPRECATED=1 -DLDAP_REFERRALS $CPPFLAGS" + AC_RUN_IFELSE([AC_LANG_PROGRAM([[ +# if HAVE_LDAP_H +# include +# elif HAVE_MOZLDAP_LDAP_H +# include +# endif +# include + ]],[[$2]]) + ],[ + m4_translit([squid_cv_$1],[-+. ],[____])=1 + ],[ + m4_translit([squid_cv_$1],[-+. ],[____])=0 + ],[ + m4_translit([squid_cv_$1],[-+. ],[____])=0 + ]) + SQUID_STATE_ROLLBACK(squid_ldap_test_state) + ]) + AC_DEFINE_UNQUOTED([m4_translit([m4_translit([HAVE_$1],[-+. abcdefghijklmnopqrstuvwxyz],[____ABCDEFGHIJKLMNOPQRSTUVWXYZ])],[-+. ],[____])], + ${m4_translit([squid_cv_$1],[-+. ],[____])},[Define to 1 if you have $1]) +]) + +dnl find the LDAP library vendor and define relevant HAVE_(vendor name) macro +AC_DEFUN([SQUID_LDAP_CHECK_VENDOR],[ + SQUID_LDAP_TEST_RUN([OpenLDAP],[return strcmp(LDAP_VENDOR_NAME,"OpenLDAP")]) + SQUID_LDAP_TEST_RUN([Sun LDAP SDK],[return strcmp(LDAP_VENDOR_NAME,"Sun Microsystems Inc.")]) + SQUID_LDAP_TEST_RUN([Mozilla LDAP SDK],[return strcmp(LDAP_VENDOR_NAME,"mozilla.org")]) +]) + +dnl check whether the LDAP library(s) provide the needed API and types +dnl define HAVE_DAP_* macros for each checked item +AC_DEFUN([SQUID_CHECK_LDAP_API],[ + SQUID_LDAP_TEST([LDAP],[ + char host[]=""; + int port; + ldap_init((const char *)&host, port); + ]) + SQUID_LDAP_CHECK_VENDOR + SQUID_LDAP_TEST([LDAP_OPT_DEBUG_LEVEL],[auto i=LDAP_OPT_DEBUG_LEVEL]) + SQUID_LDAP_TEST([LDAP_SCOPE_DEFAULT],[auto i=LDAP_SCOPE_DEFAULT]) + SQUID_LDAP_TEST([LDAP_REBIND_PROC],[LDAP_REBIND_PROC ldap_rebind]) + SQUID_LDAP_TEST([LDAP_REBINDPROC_CALLBACK],[LDAP_REBINDPROC_CALLBACK ldap_rebind]) + SQUID_LDAP_TEST([LDAP_REBIND_FUNCTION],[LDAP_REBIND_FUNCTION ldap_rebind]) + + dnl TODO check this test's code actually works, it looks broken + SQUID_LDAP_TEST([LDAP_URL_LUD_SCHEME],[struct ldap_url_desc.lud_scheme]) + + AC_CHECK_LIB(ldap,[ldapssl_client_init],[ + AC_DEFINE(HAVE_LDAPSSL_CLIENT_INIT,1,[Define to 1 if you have ldapssl_client_init]) + ]) + AC_CHECK_LIB($LIBLDAP_LIBS,[ldap_url_desc2str],[ + AC_DEFINE(HAVE_LDAP_URL_DESC2STR,1,[Define to 1 if you have ldap_url_desc2str]) + ]) + AC_CHECK_LIB($LIBLDAP_LIBS,[ldap_url_parse],[ + AC_DEFINE(HAVE_LDAP_URL_PARSE,1,[Define to 1 if you have ldap_url_parse]) + ]) + AC_CHECK_LIB($LIBLDAP_LIBS,[ldap_start_tls_s],[ + AC_DEFINE(HAVE_LDAP_START_TLS_S,1,[Define to 1 if you have ldap_start_tls_s]) + ]) + SQUID_STATE_ROLLBACK(squid_ldap_state) +]) diff --git a/configure.ac b/configure.ac index ff5ef34951..ecdfa46943 100644 --- a/configure.ac +++ b/configure.ac @@ -21,6 +21,7 @@ m4_include([acinclude/squid-util.m4]) m4_include([acinclude/compiler-flags.m4]) m4_include([acinclude/os-deps.m4]) m4_include([acinclude/krb5.m4]) +m4_include([acinclude/ldap.m4]) m4_include([acinclude/nettle.m4]) m4_include([acinclude/pam.m4]) m4_include([acinclude/pkg.m4]) @@ -1627,220 +1628,45 @@ AC_MSG_NOTICE([$KRB5_FLAVOUR Kerberos library support: ${with_krb5:=no} ${LIB_KR AC_SUBST(KRB5INCS) AC_SUBST(KRB5LIBS) -dnl On MinGW OpenLDAP is not available, so LDAP helpers can be linked -dnl only with Windows LDAP libraries using -lwldap32 -AS_IF([test "$squid_host_os" = "mingw"],[ - LDAPLIB="-lwldap32" - LBERLIB="" -],[ - AC_CHECK_LIB(ldap, ldap_init, [LDAPLIB="-lldap"]) - AC_CHECK_LIB(lber, ber_init, [LBERLIB="-llber"]) - dnl if no ldap lib found check for mozilla version - AS_IF([test "x$ac_cv_lib_ldap_ldap_init" != "xyes"],[ - oLIBS=$LIBS - LIBS="$LIBPTHREADS" - AC_CHECK_LIB(ldap60, ldap_init, [LDAPLIB="-lldap60"]) - LIBS="$LDAPLIB $LIBPTHREADS" - AC_CHECK_LIB(prldap60, prldap_init, [LDAPLIB="-lprldap60 $LDAPLIB"]) - LIBS="$LDAPLIB $LIBPTHREADS" - AC_CHECK_LIB(ssldap60, ldapssl_init, [LDAPLIB="-lssldap60 $LDAPLIB"]) - LIBS=$oLIBS - ]) - - AC_CHECK_HEADERS(ldap.h lber.h) - AC_CHECK_HEADERS(mozldap/ldap.h) - - AC_MSG_CHECKING([for LDAP_OPT_DEBUG_LEVEL]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include - ]],[[ - int i=LDAP_OPT_DEBUG_LEVEL - ]])],[ - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - ]) - - AC_MSG_CHECKING([for working ldap]) - oLIBS=$LIBS - LIBS="$LDAPLIB $LBERLIB $LIBPTHREADS" - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -# define LDAP_DEPRECATED 1 -# if HAVE_LDAP_H -# include -# elif HAVE_MOZLDAP_LDAP_H -# include -# endif - int - main(void) - { - char host[]=""; - int port; - ldap_init((const char *)&host, port); - return 0; - } - ]])],[ - AC_DEFINE(HAVE_LDAP, 1, [LDAP support]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - ],[ - AC_MSG_RESULT(cross-compiler cant tell) - ]) - LIBS=$oLIBS - - AC_MSG_CHECKING([for OpenLDAP]) - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -# if HAVE_LDAP_H -# include -# endif -# include - int - main(void) - { - return strcmp(LDAP_VENDOR_NAME,"OpenLDAP"); - } - ]])],[ - AC_DEFINE(HAVE_OPENLDAP, 1, [OpenLDAP support]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - ],[ - AC_MSG_RESULT(cross-compiler cant tell) - ]) - - AC_MSG_CHECKING([for Sun LDAP SDK]) - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -# if HAVE_LDAP_H -# include -# endif -# include - int - main(void) - { - return strcmp(LDAP_VENDOR_NAME,"Sun Microsystems Inc."); - } - ]])],[ - AC_DEFINE(HAVE_SUN_LDAP_SDK, 1, [Sun LDAP SDK support]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - ],[ - AC_MSG_RESULT(cross-compiler cant tell) - ]) - - AC_MSG_CHECKING([for Mozilla LDAP SDK]) - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -# if HAVE_LDAP_H -# include -# elif HAVE_MOZLDAP_LDAP_H -# include -# endif -# include - int - main(void) - { - return strcmp(LDAP_VENDOR_NAME,"mozilla.org"); - } - ]])],[ - AC_DEFINE(HAVE_MOZILLA_LDAP_SDK, 1, [Mozilla LDAP SDK support]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) +SQUID_AUTO_LIB(ldap,[LDAP],[LIBLDAP]) +AS_IF([test "x$with_ldap" != "xno"],[ + dnl On MinGW OpenLDAP is not available, so LDAP helpers can be linked + dnl only with Windows LDAP libraries using -lwldap32 + AS_IF([test "$squid_host_os" = "mingw"],[ + LIBLDAP_LIBS="-lwldap32" ],[ - AC_MSG_RESULT(cross-compiler cant tell) - ]) - - AC_MSG_CHECKING([for LDAP_REBINDPROC_CALLBACK]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -# if HAVE_LDAP_H -# include -# elif HAVE_MOZLDAP_LDAP_H -# include -# endif - ]],[[ - LDAP_REBINDPROC_CALLBACK ldap_rebind; - ]])],[ - AC_DEFINE(HAVE_LDAP_REBINDPROC_CALLBACK,1,[Define to 1 if you have LDAP_REBINDPROC_CALLBACK]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - ]) - - AC_MSG_CHECKING([for LDAP_REBIND_PROC]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -# if HAVE_LDAP_H -# include -# elif HAVE_MOZLDAP_LDAP_H -# include -# endif - ]],[[ - LDAP_REBIND_PROC ldap_rebind; - ]])],[ - AC_DEFINE(HAVE_LDAP_REBIND_PROC,1,[Define to 1 if you have LDAP_REBIND_PROC]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - ]) - - AC_MSG_CHECKING([for LDAP_REBIND_FUNCTION]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -# define LDAP_REFERRALS -# if HAVE_LDAP_H -# include -# elif HAVE_MOZLDAP_LDAP_H -# include -# endif - ]],[[ - LDAP_REBIND_FUNCTION ldap_rebind; - ]])],[ - AC_DEFINE(HAVE_LDAP_REBIND_FUNCTION,1,[Define to 1 if you have LDAP_REBIND_FUNCTION]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) + SQUID_STATE_SAVE(squid_ldap_state) + LIBS="$LIBLDAP_PATH $LIBPTHREADS $LIBS" + PKG_CHECK_MODULES([LIBLDAP],[ldap],[],[ + AC_CHECK_LIB(lber, ber_init, [LIBLBER="-llber"]) + AC_CHECK_LIB(ldap, ldap_init, [LIBLDAP_LIBS="-lldap $LIBLBER"]) + dnl if no ldap lib found check for mozilla version + AS_IF([test "x$ac_cv_lib_ldap_ldap_init" != "xyes"],[ + SQUID_STATE_SAVE(squid_ldap_mozilla) + LIBS="$LIBLDAP_PATH $LIBPTHREADS" + AC_CHECK_LIB(ldap60, ldap_init, [LIBLDAP_LIBS="-lldap60 $LIBLBER"]) + LIBS="$LIBLDAP_PATH $LIBLDAP_LIBS $LIBPTHREADS" + AC_CHECK_LIB(prldap60, prldap_init, [LIBLDAP_LIBS="-lprldap60 $LIBLDAP_LIBS"]) + LIBS="$LIBLDAP_PATH $LIBLDAP_LIBS $LIBPTHREADS" + AC_CHECK_LIB(ssldap60, ldapssl_init, [LIBLDAP_LIBS="-lssldap60 $LIBLDAP_LIBS"]) + SQUID_STATE_ROLLBACK(squid_ldap_mozilla) + ]) + ]) + AC_CHECK_HEADERS(ldap.h lber.h) + AC_CHECK_HEADERS(mozldap/ldap.h) + SQUID_CHECK_LDAP_API ]) - AC_MSG_CHECKING([for LDAP_SCOPE_DEFAULT]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -# if HAVE_LDAP_H -# include -# elif HAVE_MOZLDAP_LDAP_H -# include -# endif - ]],[[ - int i=LDAP_SCOPE_DEFAULT; - ]])],[ - AC_DEFINE(HAVE_LDAP_SCOPE_DEFAULT,1,[Define to 1 if you have LDAP_SCOPE_DEFAULT]) - AC_MSG_RESULT(yes) + AS_IF([test "x$LIBLDAP_LIBS" != "x"],[ + CPPFLAGS="$LIBLDAP_CFLAGS $CPPFLAGS" + LIBLDAP_LIBS="$LIBLDAP_PATH $LIBLDAP_LIBS" + ],[test "x$with_ldap" = "xyes"],[ + AC_MSG_ERROR([Required library ldap not found]) ],[ - AC_MSG_RESULT(no) + AC_MSG_NOTICE([Library ldap not found.]) ]) - - AC_CHECK_MEMBER([struct ldap_url_desc.lud_scheme],[ - AC_DEFINE(HAVE_LDAP_URL_LUD_SCHEME,1,[Define to 1 if you have LDAPURLDesc.lud_scheme]) - ],,[ -#include - ]) - - AC_CHECK_LIB(ldap,ldapssl_client_init,[ - AC_DEFINE(HAVE_LDAPSSL_CLIENT_INIT,1,[Define to 1 if you have ldapssl_client_init]) - ],) - - AC_CHECK_LIB(ldap,ldap_url_desc2str,[ - AC_DEFINE(HAVE_LDAP_URL_DESC2STR,1,[Define to 1 if you have ldap_url_desc2str]) - ],) - - AC_CHECK_LIB(ldap,ldap_url_parse,[ - AC_DEFINE(HAVE_LDAP_URL_PARSE,1,[Define to 1 if you have ldap_url_parse]) - ],) - - AC_CHECK_LIB(ldap,ldap_start_tls_s,[ - AC_DEFINE(HAVE_LDAP_START_TLS_S,1,[Define to 1 if you have ldap_start_tls_s]) - ],) ]) - -AC_SUBST(LDAPLIB) -AC_SUBST(LBERLIB) +AC_SUBST(LIBLDAP_LIBS) SQUID_AUTO_LIB(systemd,[systemd API for start-up notification],[LIBSYSTEMD]) AH_TEMPLATE(USE_SYSTEMD,[systemd support is available]) @@ -2438,8 +2264,6 @@ AC_CHECK_HEADERS( \ gnumalloc.h \ grp.h \ ipl.h \ - lber.h \ - ldap.h \ libc.h \ limits.h \ linux/posix_types.h \ diff --git a/doc/release-notes/release-5.sgml b/doc/release-notes/release-5.sgml index 466e9c3b01..7f922330c3 100644 --- a/doc/release-notes/release-5.sgml +++ b/doc/release-notes/release-5.sgml @@ -342,6 +342,12 @@ This section gives an account of those changes in three categories: New options