1# NOTE! this whole m4 file is disabled in configure.in for now 2 3################################################# 4# KRB5 support 5KRB5_CFLAGS="" 6KRB5_CPPFLAGS="" 7KRB5_LDFLAGS="" 8KRB5_LIBS="" 9with_krb5_support=auto 10krb5_withval=auto 11AC_MSG_CHECKING([for KRB5 support]) 12 13# Do no harm to the values of CFLAGS and LIBS while testing for 14# Kerberos support. 15AC_ARG_WITH(krb5, 16[ --with-krb5=base-dir Locate Kerberos 5 support (default=auto)], 17 [ case "$withval" in 18 no) 19 with_krb5_support=no 20 AC_MSG_RESULT(no) 21 krb5_withval=no 22 ;; 23 yes) 24 with_krb5_support=yes 25 AC_MSG_RESULT(yes) 26 krb5_withval=yes 27 ;; 28 auto) 29 with_krb5_support=auto 30 AC_MSG_RESULT(auto) 31 krb5_withval=auto 32 ;; 33 *) 34 with_krb5_support=yes 35 AC_MSG_RESULT(yes) 36 krb5_withval=$withval 37 KRB5CONFIG="$krb5_withval/bin/krb5-config" 38 ;; 39 esac ], 40 AC_MSG_RESULT($with_krb5_support) 41) 42 43if test x$with_krb5_support != x"no"; then 44 FOUND_KRB5=no 45 FOUND_KRB5_VIA_CONFIG=no 46 47 ################################################# 48 # check for krb5-config from recent MIT and Heimdal kerberos 5 49 AC_MSG_CHECKING(for working specified location for krb5-config) 50 if test x$KRB5CONFIG != "x"; then 51 if test -x "$KRB5CONFIG"; then 52 ac_save_CFLAGS=$CFLAGS 53 CFLAGS="";export CFLAGS 54 ac_save_LDFLAGS=$LDFLAGS 55 LDFLAGS="";export LDFLAGS 56 KRB5_LIBS="`$KRB5CONFIG --libs gssapi`" 57 KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 58 KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 59 CFLAGS=$ac_save_CFLAGS;export CFLAGS 60 LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS 61 FOUND_KRB5=yes 62 FOUND_KRB5_VIA_CONFIG=yes 63 AC_MSG_RESULT(yes. Found $KRB5CONFIG) 64 else 65 AC_MSG_RESULT(no. Fallback to specified directory) 66 fi 67 else 68 AC_MSG_RESULT(no. Fallback to finding krb5-config in path) 69 ################################################# 70 # check for krb5-config from recent MIT and Heimdal kerberos 5 71 AC_PATH_PROG(KRB5CONFIG, krb5-config) 72 AC_MSG_CHECKING(for working krb5-config in path) 73 if test -x "$KRB5CONFIG"; then 74 ac_save_CFLAGS=$CFLAGS 75 CFLAGS="";export CFLAGS 76 ac_save_LDFLAGS=$LDFLAGS 77 LDFLAGS="";export LDFLAGS 78 KRB5_LIBS="`$KRB5CONFIG --libs gssapi`" 79 KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 80 KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 81 CFLAGS=$ac_save_CFLAGS;export CFLAGS 82 LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS 83 FOUND_KRB5=yes 84 FOUND_KRB5_VIA_CONFIG=yes 85 AC_MSG_RESULT(yes. Found $KRB5CONFIG) 86 else 87 AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy) 88 fi 89 fi 90 91 if test x$FOUND_KRB5 != x"yes"; then 92 ################################################# 93 # check for location of Kerberos 5 install 94 AC_MSG_CHECKING(for kerberos 5 install path) 95 case "$krb5_withval" in 96 no) 97 AC_MSG_RESULT(no krb5-path given) 98 ;; 99 yes) 100 AC_MSG_RESULT(/usr) 101 FOUND_KRB5=yes 102 ;; 103 *) 104 AC_MSG_RESULT($krb5_withval) 105 KRB5_CFLAGS="-I$krb5_withval/include" 106 KRB5_CPPFLAGS="-I$krb5_withval/include" 107 KRB5_LDFLAGS="-L$krb5_withval/lib" 108 FOUND_KRB5=yes 109 ;; 110 esac 111 fi 112 113 if test x$FOUND_KRB5 != x"yes"; then 114 ################################################# 115 # see if this box has the SuSE location for the heimdal krb implementation 116 AC_MSG_CHECKING(for /usr/include/heimdal) 117 if test -d /usr/include/heimdal; then 118 if test -f /usr/lib/heimdal/lib/libkrb5.a; then 119 KRB5_CFLAGS="-I/usr/include/heimdal" 120 KRB5_CPPFLAGS="-I/usr/include/heimdal" 121 KRB5_LDFLAGS="-L/usr/lib/heimdal/lib" 122 AC_MSG_RESULT(yes) 123 else 124 KRB5_CFLAGS="-I/usr/include/heimdal" 125 KRB5_CPPFLAGS="-I/usr/include/heimdal" 126 AC_MSG_RESULT(yes) 127 fi 128 else 129 AC_MSG_RESULT(no) 130 fi 131 fi 132 133 if test x$FOUND_KRB5 != x"yes"; then 134 ################################################# 135 # see if this box has the RedHat location for kerberos 136 AC_MSG_CHECKING(for /usr/kerberos) 137 if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then 138 KRB5_LDFLAGS="-L/usr/kerberos/lib" 139 KRB5_CFLAGS="-I/usr/kerberos/include" 140 KRB5_CPPFLAGS="-I/usr/kerberos/include" 141 AC_MSG_RESULT(yes) 142 else 143 AC_MSG_RESULT(no) 144 fi 145 fi 146 147 ac_save_CFLAGS=$CFLAGS 148 ac_save_CPPFLAGS=$CPPFLAGS 149 ac_save_LDFLAGS=$LDFLAGS 150 151 #MIT needs this, to let us see 'internal' parts of the headers we use 152 KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED" 153 154 #Heimdal needs this 155 #TODO: we need to parse KRB5_LIBS for -L path 156 # and set -Wl,-rpath -Wl,path 157 158 CFLAGS="$CFLAGS $KRB5_CFLAGS" 159 CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS" 160 LDFLAGS="$LDFLAGS $KRB5_LDFLAGS" 161 162 KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS" 163 164 # now check for krb5.h. Some systems have the libraries without the headers! 165 # note that this check is done here to allow for different kerberos 166 # include paths 167 AC_CHECK_HEADERS(krb5.h) 168 169 if test x"$ac_cv_header_krb5_h" = x"no"; then 170 # Give a warning if KRB5 support was not explicitly requested, 171 # i.e with_krb5_support = auto, otherwise die with an error. 172 if test x"$with_krb5_support" = x"yes"; then 173 AC_MSG_ERROR([KRB5 cannot be supported without krb5.h]) 174 else 175 AC_MSG_WARN([KRB5 cannot be supported without krb5.h]) 176 fi 177 # Turn off AD support and restore CFLAGS and LIBS variables 178 with_krb5_support="no" 179 fi 180 181 CFLAGS=$ac_save_CFLAGS 182 CPPFLAGS=$ac_save_CPPFLAGS 183 LDFLAGS=$ac_save_LDFLAGS 184fi 185 186# Now we have determined whether we really want KRB5 support 187 188if test x"$with_krb5_support" != x"no"; then 189 ac_save_CFLAGS=$CFLAGS 190 ac_save_CPPFLAGS=$CPPFLAGS 191 ac_save_LDFLAGS=$LDFLAGS 192 ac_save_LIBS=$LIBS 193 194 CFLAGS="$CFLAGS $KRB5_CFLAGS" 195 CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS" 196 LDFLAGS="$LDFLAGS $KRB5_LDFLAGS" 197 198 # now check for gssapi headers. This is also done here to allow for 199 # different kerberos include paths 200 AC_CHECK_HEADERS(gssapi.h gssapi_krb5.h gssapi/gssapi.h gssapi/gssapi_generic.h gssapi/gssapi_krb5.h com_err.h) 201 202 203 # Heimdal checks. 204 # But only if we didn't have a krb5-config to tell us this already 205 if test x"$FOUND_KRB5_VIA_CONFIG" != x"yes"; then 206 ################################################################## 207 # we might need the k5crypto and com_err libraries on some systems 208 AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list) 209 AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data) 210 211 AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key) 212 AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator) 213 AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec) 214 fi 215 216 # Heimdal checks. On static Heimdal gssapi must be linked before krb5. 217 AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[], 218 AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])) 219 220 ######################################################## 221 # now see if we can find the krb5 libs in standard paths 222 # or as specified above 223 AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended) 224 AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare) 225 226 ######################################################## 227 # now see if we can find the gssapi libs in standard paths 228 if test x"$ac_cv_lib_ext_gssapi_gss_display_status" != x"yes"; then 229 AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[], 230 AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])) 231 fi 232 233 AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS) 234 AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS) 235 AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS) 236 AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS) 237 AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS) 238 AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS) 239 AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS) 240 AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS) 241 AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS) 242 AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS) 243 AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS) 244 AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS) 245 AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS) 246 AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS) 247 AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS) 248 AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS) 249 AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS) 250 AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS) 251 AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS) 252 AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS) 253 AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS) 254 AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS) 255 AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS) 256 AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS) 257 AC_CHECK_FUNC_EXT(krb5_c_enctype_compare, $KRB5_LIBS) 258 AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS) 259 AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS) 260 AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS) 261 AC_CHECK_FUNC_EXT(krb5_initlog, $KRB5_LIBS) 262 AC_CHECK_FUNC_EXT(krb5_addlog_func, $KRB5_LIBS) 263 AC_CHECK_FUNC_EXT(krb5_set_warn_dest, $KRB5_LIBS) 264 265 LIBS="$LIBS $KRB5_LIBS" 266 267 AC_CACHE_CHECK([for krb5_log_facility type], 268 samba_cv_HAVE_KRB5_LOG_FACILITY,[ 269 AC_TRY_COMPILE([#include <krb5.h>], 270 [krb5_log_facility block;], 271 samba_cv_HAVE_KRB5_LOG_FACILITY=yes, 272 samba_cv_HAVE_KRB5_LOG_FACILITY=no)]) 273 274 if test x"$samba_cv_HAVE_KRB5_LOG_FACILITY" = x"yes"; then 275 AC_DEFINE(HAVE_KRB5_LOG_FACILITY,1, 276 [Whether the type krb5_log_facility exists]) 277 fi 278 279 AC_CACHE_CHECK([for krb5_encrypt_block type], 280 samba_cv_HAVE_KRB5_ENCRYPT_BLOCK,[ 281 AC_TRY_COMPILE([#include <krb5.h>], 282 [krb5_encrypt_block block;], 283 samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=yes, 284 samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=no)]) 285 286 if test x"$samba_cv_HAVE_KRB5_ENCRYPT_BLOCK" = x"yes"; then 287 AC_DEFINE(HAVE_KRB5_ENCRYPT_BLOCK,1, 288 [Whether the type krb5_encrypt_block exists]) 289 fi 290 291 AC_CACHE_CHECK([for addrtype in krb5_address], 292 samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[ 293 AC_TRY_COMPILE([#include <krb5.h>], 294 [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;], 295 samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes, 296 samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)]) 297 if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then 298 AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1, 299 [Whether the krb5_address struct has a addrtype property]) 300 fi 301 302 AC_CACHE_CHECK([for addr_type in krb5_address], 303 samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[ 304 AC_TRY_COMPILE([#include <krb5.h>], 305 [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;], 306 samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes, 307 samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)]) 308 if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then 309 AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1, 310 [Whether the krb5_address struct has a addr_type property]) 311 fi 312 313 AC_CACHE_CHECK([for enc_part2 in krb5_ticket], 314 samba_cv_HAVE_KRB5_TKT_ENC_PART2,[ 315 AC_TRY_COMPILE([#include <krb5.h>], 316 [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;], 317 samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes, 318 samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)]) 319 if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then 320 AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1, 321 [Whether the krb5_ticket struct has a enc_part2 property]) 322 fi 323 324 AC_CACHE_CHECK([for keyblock in krb5_creds], 325 samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS,[ 326 AC_TRY_COMPILE([#include <krb5.h>], 327 [krb5_creds creds; krb5_keyblock kb; creds.keyblock = kb;], 328 samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=yes, 329 samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=no)]) 330 331 if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS" = x"yes"; then 332 AC_DEFINE(HAVE_KRB5_KEYBLOCK_IN_CREDS,1, 333 [Whether the krb5_creds struct has a keyblock property]) 334 fi 335 336 AC_CACHE_CHECK([for session in krb5_creds], 337 samba_cv_HAVE_KRB5_SESSION_IN_CREDS,[ 338 AC_TRY_COMPILE([#include <krb5.h>], 339 [krb5_creds creds; krb5_keyblock kb; creds.session = kb;], 340 samba_cv_HAVE_KRB5_SESSION_IN_CREDS=yes, 341 samba_cv_HAVE_KRB5_SESSION_IN_CREDS=no)]) 342 343 if test x"$samba_cv_HAVE_KRB5_SESSION_IN_CREDS" = x"yes"; then 344 AC_DEFINE(HAVE_KRB5_SESSION_IN_CREDS,1, 345 [Whether the krb5_creds struct has a session property]) 346 fi 347 348 AC_CACHE_CHECK([for keyvalue in krb5_keyblock], 349 samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[ 350 AC_TRY_COMPILE([#include <krb5.h>], 351 [krb5_keyblock key; key.keyvalue.data = NULL;], 352 samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes, 353 samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)]) 354 if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then 355 AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1, 356 [Whether the krb5_keyblock struct has a keyvalue property]) 357 fi 358 359 AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5], 360 samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[ 361 AC_TRY_COMPILE([#include <krb5.h>], 362 [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;], 363 samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes, 364 samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)]) 365 AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56], 366 samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[ 367 AC_TRY_COMPILE([#include <krb5.h>], 368 [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;], 369 samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes, 370 samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)]) 371 # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken 372 # w.r.t. arcfour and windows, so we must not enable it here 373 if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\ 374 x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then 375 AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1, 376 [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available]) 377 fi 378 379 AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY], 380 samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[ 381 AC_TRY_COMPILE([#include <krb5.h>], 382 [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;], 383 samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes, 384 samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)]) 385 if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then 386 AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1, 387 [Whether the AP_OPTS_USE_SUBKEY ap option is available]) 388 fi 389 390 AC_CACHE_CHECK([for KV5M_KEYTAB], 391 samba_cv_HAVE_KV5M_KEYTAB,[ 392 AC_TRY_COMPILE([#include <krb5.h>], 393 [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;], 394 samba_cv_HAVE_KV5M_KEYTAB=yes, 395 samba_cv_HAVE_KV5M_KEYTAB=no)]) 396 if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then 397 AC_DEFINE(HAVE_KV5M_KEYTAB,1, 398 [Whether the KV5M_KEYTAB option is available]) 399 fi 400 401 AC_CACHE_CHECK([for the krb5_princ_component macro], 402 samba_cv_HAVE_KRB5_PRINC_COMPONENT,[ 403 AC_TRY_LINK([#include <krb5.h>], 404 [const krb5_data *pkdata; krb5_context context; krb5_principal principal; 405 pkdata = krb5_princ_component(context, principal, 0);], 406 samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes, 407 samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)]) 408 if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then 409 AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1, 410 [Whether krb5_princ_component is available]) 411 fi 412 413 AC_CACHE_CHECK([for key in krb5_keytab_entry], 414 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[ 415 AC_TRY_COMPILE([#include <krb5.h>], 416 [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;], 417 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes, 418 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)]) 419 if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then 420 AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1, 421 [Whether krb5_keytab_entry has key member]) 422 fi 423 424 AC_CACHE_CHECK([for keyblock in krb5_keytab_entry], 425 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[ 426 AC_TRY_COMPILE([#include <krb5.h>], 427 [krb5_keytab_entry entry; entry.keyblock.keytype = 0;], 428 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes, 429 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)]) 430 if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then 431 AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1, 432 [Whether krb5_keytab_entry has keyblock member]) 433 fi 434 435 AC_CACHE_CHECK([for WRFILE: keytab support], 436 samba_cv_HAVE_WRFILE_KEYTAB,[ 437 AC_TRY_RUN([ 438 #include<krb5.h> 439 main() 440 { 441 krb5_context context; 442 krb5_keytab keytab; 443 krb5_init_context(&context); 444 return krb5_kt_resolve(context, "WRFILE:api", &keytab); 445 }], 446 samba_cv_HAVE_WRFILE_KEYTAB=yes, 447 samba_cv_HAVE_WRFILE_KEYTAB=no)]) 448 if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then 449 AC_DEFINE(HAVE_WRFILE_KEYTAB,1, 450 [Whether the WRFILE:-keytab is supported]) 451 fi 452 453 AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data], 454 samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[ 455 AC_TRY_COMPILE([#include <krb5.h>], 456 [krb5_context context;krb5_principal principal;krb5_realm realm; 457 realm = *krb5_princ_realm(context, principal);], 458 samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes, 459 samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)]) 460 if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then 461 AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1, 462 [Whether krb5_princ_realm returns krb5_realm or krb5_data]) 463 fi 464 465 # TODO: check all gssapi headers for this 466 AC_CACHE_CHECK([for GSS_C_DCE_STYLE in gssapi.h], 467 samba_cv_GSS_C_DCE_STYLE,[ 468 AC_TRY_COMPILE([#include <gssapi.h>], 469 [int flags = GSS_C_DCE_STYLE;], 470 samba_cv_GSS_C_DCE_STYLE=yes, 471 samba_cv_GSS_C_DCE_STYLE=no)]) 472 473 AC_CHECK_FUNC_EXT(gsskrb5_get_initiator_subkey, $KRB5_LIBS) 474 AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS) 475 AC_CHECK_FUNC_EXT(gsskrb5_register_acceptor_identity, $KRB5_LIBS) 476 AC_CHECK_FUNC_EXT(gss_krb5_ccache_name, $KRB5_LIBS) 477 if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then 478 AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) 479 AC_MSG_CHECKING(whether KRB5 support is used) 480 SMB_ENABLE(KRB5,YES) 481 AC_MSG_RESULT(yes) 482 echo "KRB5_CFLAGS: ${KRB5_CFLAGS}" 483 echo "KRB5_CPPFLAGS: ${KRB5_CPPFLAGS}" 484 echo "KRB5_LDFLAGS: ${KRB5_LDFLAGS}" 485 echo "KRB5_LIBS: ${KRB5_LIBS}" 486 else 487 if test x"$with_krb5_support" = x"yes"; then 488 AC_MSG_ERROR(a working krb5 library is needed for KRB5 support) 489 else 490 AC_MSG_WARN(a working krb5 library is needed for KRB5 support) 491 fi 492 KRB5_CFLAGS="" 493 KRB5_CPPFLAGS="" 494 KRB5_LDFLAGS="" 495 KRB5_LIBS="" 496 with_krb5_support=no 497 fi 498 499 # checks if we have access to a libkdc 500 # and can use it for our builtin kdc server_service 501 KDC_CFLAGS="" 502 KDC_CPPFLAGS="" 503 KDC_DLFLAGS="" 504 KDC_LIBS="" 505 AC_CHECK_HEADERS(kdc.h) 506 AC_CHECK_LIB_EXT(kdc, KDC_LIBS, krb5_kdc_default_config) 507 AC_CHECK_LIB_EXT(hdb, KDC_LIBS, hdb_generate_key_set_password) 508 509 AC_MSG_CHECKING(whether libkdc is used) 510 if test x"$ac_cv_header_kdc_h" = x"yes"; then 511 if test x"$ac_cv_lib_ext_kdc_krb5_kdc_default_config" = x"yes"; then 512 if test x"$ac_cv_lib_ext_hdb_hdb_generate_key_set_password" = x"yes"; then 513 SMB_ENABLE(KDC,YES) 514 AC_MSG_RESULT(yes) 515 echo "KDC_LIBS: ${KDC_LIBS}" 516 else 517 AC_MSG_RESULT(no) 518 fi 519 else 520 AC_MSG_RESULT(no) 521 fi 522 else 523 AC_MSG_RESULT(no) 524 fi 525 526 CFLAGS=$ac_save_CFLAGS 527 CPPFLAGS=$ac_save_CPPFLAGS 528 LDFLAGS=$ac_save_LDFLAGS 529 LIBS="$ac_save_LIBS" 530 531 # as a nasty hack add the krb5 stuff to the global vars, 532 # at some point this should not be needed anymore when the build system 533 # can handle that alone 534 CFLAGS="$CFLAGS $KRB5_CFLAGS" 535 CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS" 536 LDFLAGS="$LDFLAGS $KRB5_LDFLAGS" 537fi 538 539SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}]) 540SMB_EXT_LIB(KDC,[${KDC_LIBS}],[${KDC_CFLAGS}],[${KDC_CPPFLAGS}],[${KDC_LDFLAGS}]) 541