######################################################## # Compile with LDAP support? LDAP_LIBS="" with_ldap_support=auto AC_MSG_CHECKING([for LDAP support]) AC_ARG_WITH(ldap, [ --with-ldap LDAP support (default yes)], [ case "$withval" in yes|no) with_ldap_support=$withval ;; esac ]) AC_MSG_RESULT($with_ldap_support) if test x"$with_ldap_support" != x"no"; then ################################################################## # first test for ldap.h and lber.h # (ldap.h is required for this test) AC_CHECK_HEADERS(ldap.h lber.h) if test x"$ac_cv_header_ldap_h" != x"yes"; then if test x"$with_ldap_support" = x"yes"; then AC_MSG_ERROR(ldap.h is needed for LDAP support) else AC_MSG_WARN(ldap.h is needed for LDAP support) fi with_ldap_support=no fi fi if test x"$with_ldap_support" != x"no"; then ac_save_LIBS=$LIBS ################################################################## # we might need the lber lib on some systems. To avoid link errors # this test must be before the libldap test AC_CHECK_LIB_EXT(lber, LDAP_LIBS, ber_scanf) ######################################################## # now see if we can find the ldap libs in standard paths AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init) AC_CHECK_FUNC_EXT(ldap_domain2hostlist,$LDAP_LIBS) ######################################################## # If we have LDAP, does it's rebind procedure take 2 or 3 arguments? # Check found in pam_ldap 145. AC_CHECK_FUNC_EXT(ldap_set_rebind_proc,$LDAP_LIBS) LIBS="$LIBS $LDAP_LIBS" AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, smb_ldap_cv_ldap_set_rebind_proc, [ AC_TRY_COMPILE([ #include <lber.h> #include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [smb_ldap_cv_ldap_set_rebind_proc=3], [smb_ldap_cv_ldap_set_rebind_proc=2] ) ]) AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $smb_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc]) AC_CHECK_FUNC_EXT(ldap_initialize,$LDAP_LIBS) if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available]) with_ldap_support=yes AC_MSG_CHECKING(whether LDAP support is used) AC_MSG_RESULT(yes) SMB_EXT_LIB_ENABLE(LDAP,YES) else if test x"$with_ldap_support" = x"yes"; then AC_MSG_ERROR(libldap is needed for LDAP support) else AC_MSG_WARN(libldap is needed for LDAP support) fi LDAP_LIBS="" with_ldap_support=no fi LIBS=$ac_save_LIBS fi ################################################# # KRB5 support KRB5_CFLAGS="" KRB5_CPPFLAGS="" KRB5_LDFLAGS="" KRB5_LIBS="" with_krb5_support=auto krb5_withval=auto AC_MSG_CHECKING([for KRB5 support]) # Do no harm to the values of CFLAGS and LIBS while testing for # Kerberos support. AC_ARG_WITH(krb5, [ --with-krb5=base-dir Locate Kerberos 5 support (default=auto)], [ case "$withval" in no) with_krb5_support=no AC_MSG_RESULT(no) krb5_withval=no ;; yes) with_krb5_support=yes AC_MSG_RESULT(yes) krb5_withval=yes ;; auto) with_krb5_support=auto AC_MSG_RESULT(auto) krb5_withval=auto ;; *) with_krb5_support=yes AC_MSG_RESULT(yes) krb5_withval=$withval ;; esac ], AC_MSG_RESULT($with_krb5_support) ) if test x$with_krb5_support != x"no"; then FOUND_KRB5=no ################################################# # check for krb5-config from recent MIT and Heimdal kerberos 5 AC_PATH_PROG(KRB5_CONFIG, krb5-config) AC_MSG_CHECKING(for working krb5-config) if test -x "$KRB5_CONFIG"; then ac_save_CFLAGS=$CFLAGS CFLAGS="";export CFLAGS ac_save_LDFLAGS=$LDFLAGS LDFLAGS="";export LDFLAGS KRB5_LIBS="`$KRB5_CONFIG --libs gssapi`" KRB5_CFLAGS="`$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`" KRB5_CPPFLAGS="`$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`" CFLAGS=$ac_save_CFLAGS;export CFLAGS LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS FOUND_KRB5=yes AC_MSG_RESULT(yes) else AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy) fi if test x$FOUND_KRB5 != x"yes"; then ################################################# # check for location of Kerberos 5 install AC_MSG_CHECKING(for kerberos 5 install path) case "$krb5_withval" in no) AC_MSG_RESULT(no krb5-path given) ;; yes) AC_MSG_RESULT(/usr) FOUND_KRB5=yes ;; *) AC_MSG_RESULT($krb5_withval) KRB5_CFLAGS="-I$krb5_withval/include" KRB5_CPPFLAGS="-I$krb5_withval/include" KRB5_LDFLAGS="-L$krb5_withval/lib" FOUND_KRB5=yes ;; esac fi if test x$FOUND_KRB5 != x"yes"; then ################################################# # see if this box has the SuSE location for the heimdal krb implementation AC_MSG_CHECKING(for /usr/include/heimdal) if test -d /usr/include/heimdal; then if test -f /usr/lib/heimdal/lib/libkrb5.a; then KRB5_CFLAGS="-I/usr/include/heimdal" KRB5_CPPFLAGS="-I/usr/include/heimdal" KRB5_LDFLAGS="-L/usr/lib/heimdal/lib" AC_MSG_RESULT(yes) else KRB5_CFLAGS="-I/usr/include/heimdal" KRB5_CPPFLAGS="-I/usr/include/heimdal" AC_MSG_RESULT(yes) fi else AC_MSG_RESULT(no) fi fi if test x$FOUND_KRB5 != x"yes"; then ################################################# # see if this box has the RedHat location for kerberos AC_MSG_CHECKING(for /usr/kerberos) if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then KRB5_LDFLAGS="-L/usr/kerberos/lib" KRB5_CFLAGS="-I/usr/kerberos/include" KRB5_CPPFLAGS="-I/usr/kerberos/include" AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi fi ac_save_CFLAGS=$CFLAGS ac_save_CPPFLAGS=$CPPFLAGS ac_save_LDFLAGS=$LDFLAGS #MIT needs this, to let us see 'internal' parts of the headers we use KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED" CFLAGS="$CFLAGS $KRB5_CFLAGS" CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS" LDFLAGS="$LDFLAGS $KRB5_LDFLAGS" KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS" # now check for krb5.h. Some systems have the libraries without the headers! # note that this check is done here to allow for different kerberos # include paths AC_CHECK_HEADERS(krb5.h) if test x"$ac_cv_header_krb5_h" = x"no"; then # Give a warning if KRB5 support was not explicitly requested, # i.e with_krb5_support = auto, otherwise die with an error. if test x"$with_krb5_support" = x"yes"; then AC_MSG_ERROR([KRB5 cannot be supported without krb5.h]) else AC_MSG_WARN([KRB5 cannot be supported without krb5.h]) fi # Turn off AD support and restore CFLAGS and LIBS variables with_krb5_support="no" fi CFLAGS=$ac_save_CFLAGS CPPFLAGS=$ac_save_CPPFLAGS LDFLAGS=$ac_save_LDFLAGS fi # Now we have determined whether we really want KRB5 support if test x"$with_krb5_support" != x"no"; then ac_save_CFLAGS=$CFLAGS ac_save_CPPFLAGS=$CPPFLAGS ac_save_LDFLAGS=$LDFLAGS ac_save_LIBS=$LIBS CFLAGS="$CFLAGS $KRB5_CFLAGS" CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS" LDFLAGS="$LDFLAGS $KRB5_LDFLAGS" # now check for gssapi headers. This is also done here to allow for # different kerberos include paths AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h) ################################################################## # we might need the k5crypto and com_err libraries on some systems AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list) AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data) # Heimdal checks. AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key) AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator) AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec) # Heimdal checks. On static Heimdal gssapi must be linked before krb5. AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[], AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])) ######################################################## # now see if we can find the krb5 libs in standard paths # or as specified above AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended) AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare) ######################################################## # now see if we can find the gssapi libs in standard paths AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[], AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])) AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS) LIBS="$LIBS $KRB5_LIBS" AC_CACHE_CHECK([for addrtype in krb5_address], samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;], samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes, samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)]) if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1, [Whether the krb5_address struct has a addrtype property]) fi AC_CACHE_CHECK([for addr_type in krb5_address], samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;], samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes, samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)]) if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1, [Whether the krb5_address struct has a addr_type property]) fi AC_CACHE_CHECK([for enc_part2 in krb5_ticket], samba_cv_HAVE_KRB5_TKT_ENC_PART2,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;], samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes, samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)]) if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1, [Whether the krb5_ticket struct has a enc_part2 property]) fi AC_CACHE_CHECK([for keyvalue in krb5_keyblock], samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_keyblock key; key.keyvalue.data = NULL;], samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes, samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)]) if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1, [Whether the krb5_keyblock struct has a keyvalue property]) fi AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5], samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;], samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes, samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)]) AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56], samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;], samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes, samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)]) # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken # w.r.t. arcfour and windows, so we must not enable it here if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\ x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1, [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available]) fi AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY], samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;], samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes, samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)]) if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1, [Whether the AP_OPTS_USE_SUBKEY ap option is available]) fi AC_CACHE_CHECK([for KV5M_KEYTAB], samba_cv_HAVE_KV5M_KEYTAB,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;], samba_cv_HAVE_KV5M_KEYTAB=yes, samba_cv_HAVE_KV5M_KEYTAB=no)]) if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then AC_DEFINE(HAVE_KV5M_KEYTAB,1, [Whether the KV5M_KEYTAB option is available]) fi AC_CACHE_CHECK([for the krb5_princ_component macro], samba_cv_HAVE_KRB5_PRINC_COMPONENT,[ AC_TRY_LINK([#include <krb5.h>], [const krb5_data *pkdata; krb5_context context; krb5_principal principal; pkdata = krb5_princ_component(context, principal, 0);], samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes, samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)]) if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1, [Whether krb5_princ_component is available]) fi AC_CACHE_CHECK([for key in krb5_keytab_entry], samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;], samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes, samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)]) if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1, [Whether krb5_keytab_entry has key member]) fi AC_CACHE_CHECK([for keyblock in krb5_keytab_entry], samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_keytab_entry entry; entry.keyblock.keytype = 0;], samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes, samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)]) if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1, [Whether krb5_keytab_entry has keyblock member]) fi AC_CACHE_CHECK([for WRFILE: keytab support], samba_cv_HAVE_WRFILE_KEYTAB,[ AC_TRY_RUN([ #include<krb5.h> main() { krb5_context context; krb5_keytab keytab; krb5_init_context(&context); if (krb5_kt_resolve(context, "WRFILE:api", &keytab)) exit(0); exit(1); }], samba_cv_HAVE_WRFILE_KEYTAB=no, samba_cv_HAVE_WRFILE_KEYTAB=yes)]) if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then AC_DEFINE(HAVE_WRFILE_KEYTAB,1, [Whether the WRFILE:-keytab is supported]) fi AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data], samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[ AC_TRY_COMPILE([#include <krb5.h>], [krb5_context context;krb5_principal principal;krb5_realm realm; realm = *krb5_princ_realm(context, principal);], samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes, samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)]) if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1, [Whether krb5_princ_realm returns krb5_realm or krb5_data]) fi if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) AC_MSG_CHECKING(whether KRB5 support is used) SMB_EXT_LIB_ENABLE(KRB5,YES) AC_MSG_RESULT(yes) else if test x"$with_krb5_support" = x"yes"; then AC_MSG_ERROR(a working krb5 library is needed for KRB5 support) else AC_MSG_WARN(a working krb5 library is needed for KRB5 support) fi KRB5_CFLAGS="" KRB5_CPPFLAGS="" KRB5_LDFLAGS="" KRB5_LIBS="" with_krb5_support=no fi CFLAGS=$ac_save_CFLAGS CPPFLAGS=$ac_save_CPPFLAGS LDFLAGS=$ac_save_LDFLAGS LIBS="$ac_save_LIBS" # as a nasty hack add the krb5 stuff to the global vars, # at some point this should not be needed anymore when the build system # can handle that alone CFLAGS="$CFLAGS $KRB5_CFLAGS" CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS" LDFLAGS="$LDFLAGS $KRB5_LDFLAGS" fi SMB_EXT_LIB(LDAP,[${LDAP_LIBS}],[${LDAP_CFLAGS}],[${LDAP_CPPFLAGS}],[${LDAP_LDFLAGS}]) SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])