AC_PREREQ([2.50])
-AC_INIT([shibboleth],[2.4],[https://bugs.internet2.edu/],[shibboleth])
+AC_INIT([shibboleth],[2.5],[https://bugs.internet2.edu/],[shibboleth])
AC_CONFIG_SRCDIR(shibsp)
AC_CONFIG_AUX_DIR(build-aux)
AC_CONFIG_MACRO_DIR(m4)
AM_INIT_AUTOMAKE
-LT_INIT
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
# Docygen features
DX_HTML_FEATURE(ON)
GCC_CXXFLAGS="$CXXFLAGS -O2 -DNDEBUG"
fi
-AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_HEADERS([config.h shibsp/config_pub.h])
AC_CONFIG_FILES([shibboleth.spec pkginfo Portfile])
AC_PROG_CC([gcc gcc3 cc])
AC_PROG_CXX([g++ g++3 c++ CC])
-AC_DISABLE_STATIC
AC_CANONICAL_HOST
if test "$GCC" = "yes" ; then
# Checks for library functions.
AC_FUNC_STRFTIME
AC_FUNC_STRERROR_R
+AC_CHECK_HEADERS([sys/utsname.h])
AC_CHECK_FUNCS([strchr strdup strstr timegm gmtime_r strtok_r strcasecmp])
# checks for pthreads
AC_MSG_CHECKING([Xerces version])
AC_PREPROC_IFELSE(
[AC_LANG_PROGRAM([#include <xercesc/util/XercesVersion.hpp>],
-[#if _XERCES_VERSION != 20600
+[#if _XERCES_VERSION >= 20700
int i = 0;
#else
-#error cannot use version 2.6.0
+#error version 2.7.0 or above required
#endif])],
[AC_MSG_RESULT(OK)],
- [AC_MSG_FAILURE([Xerces-C v2.6.0 has bugs that inhibit use with signed XML, please use a newer version])])
+ [AC_MSG_FAILURE([Xerces-C v2.7.0 or higher is required, v3.x preferred])])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[#include <xercesc/util/PlatformUtils.hpp>]],[[xercesc::XMLPlatformUtils::Initialize()]])],
,[AC_MSG_ERROR([unable to link with Xerces])])
[AC_MSG_RESULT([yes])AC_DEFINE([SHIBSP_XERCESC_SHORT_ACCEPTNODE],[1],[Define to 1 if Xerces DOMNodeFilter API returns a short.])],
[AC_MSG_RESULT([no])])
+# XML-Security settings
+AC_ARG_WITH(xmlsec,
+ AS_HELP_STRING([--with-xmlsec=PATH],[where xmlsec is installed]),,
+ [with_xmlsec=/usr])
+
+if test x_$with_xmlsec != x_/usr; then
+ LDFLAGS="-L${with_xmlsec}/lib $LDFLAGS"
+ CPPFLAGS="-I${with_xmlsec}/include $CPPFLAGS"
+fi
+XMLSEC_LIBS="-lxml-security-c $XMLSEC_LIBS"
+
+# save and append master libs
+save_LIBS="$LIBS"
+LIBS="$XMLSEC_LIBS $LIBS"
+
+AC_CHECK_HEADER([xsec/utils/XSECPlatformUtils.hpp],,AC_MSG_ERROR([unable to find XML-Security-C header files]))
+AC_MSG_CHECKING([XML-Security-C version])
+AC_PREPROC_IFELSE(
+ [AC_LANG_PROGRAM([#include <xsec/utils/XSECPlatformUtils.hpp>],
+ [#if XSEC_VERSION_MAJOR > 1 || (XSEC_VERSION_MAJOR == 1 && XSEC_VERSION_MEDIUM > 3)
+int i = 0;
+#else
+#error need version 1.4.0 or later
+#endif])],
+ [AC_MSG_RESULT(OK)],
+ [AC_MSG_FAILURE([XML-Security-C version 1.4.0 or greater is required.])])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[#include <xsec/utils/XSECPlatformUtils.hpp>]],
+ [[XSECPlatformUtils::Initialise()]])],,
+ [AC_MSG_ERROR([unable to link with XML-Security])])
+
+AC_MSG_CHECKING([whether XML-Security-C supports white/blacklisting of algorithms])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <xsec/framework/XSECAlgorithmMapper.hpp>]], [[XSECAlgorithmMapper* mapper; mapper->whitelistAlgorithm(NULL);]])],[AC_MSG_RESULT([yes])
+ AC_DEFINE([SHIBSP_XMLSEC_WHITELISTING],[1],[Define to 1 if XML-Security-C supports white/blacklisting algorithms.])],[AC_MSG_RESULT([no])])
+
+# restore master libs
+LIBS="$save_LIBS"
+
#XML-Tooling settings
AC_ARG_WITH(xmltooling,
AS_HELP_STRING([--with-xmltooling=PATH],[where xmltooling is installed]),
DX_INCLUDE="${with_xmltooling}/include"
fi])
LITE_LIBS="-lxmltooling-lite"
-XMLSEC_LIBS="-lxmltooling"
+XMLSEC_LIBS="-lxmltooling $XMLSEC_LIBS"
AC_CHECK_HEADER([xmltooling/base.h],,AC_MSG_ERROR([unable to find xmltooling header files]))
XMLTOOLINGXMLDIR="$XMLTOOLINGXMLDIR/share/xml/xmltooling"
AC_SUBST(XMLTOOLINGXMLDIR)
-# XML-Security settings
-AC_ARG_WITH(xmlsec,
- AS_HELP_STRING([--with-xmlsec=PATH],[where xmlsec is installed]),,
- [with_xmlsec=/usr])
-
-if test x_$with_xmlsec != x_/usr; then
- LDFLAGS="-L${with_xmlsec}/lib $LDFLAGS"
- CPPFLAGS="-I${with_xmlsec}/include $CPPFLAGS"
-fi
-XMLSEC_LIBS="-lxml-security-c $XMLSEC_LIBS"
-
-# save and append master libs
-save_LIBS="$LIBS"
-LIBS="$XMLSEC_LIBS $LIBS"
-
-AC_CHECK_HEADER([xsec/utils/XSECPlatformUtils.hpp],,AC_MSG_ERROR([unable to find XML-Security-C header files]))
-AC_MSG_CHECKING([XML-Security-C version])
-AC_PREPROC_IFELSE(
- [AC_LANG_PROGRAM([#include <xsec/utils/XSECPlatformUtils.hpp>],
- [#if XSEC_VERSION_MAJOR > 1 || (XSEC_VERSION_MAJOR == 1 && XSEC_VERSION_MEDIUM > 3)
-int i = 0;
-#else
-#error need version 1.4.0 or later
-#endif])],
- [AC_MSG_RESULT(OK)],
- [AC_MSG_FAILURE([XML-Security-C version 1.4.0 or greater is required.])])
-AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([[#include <xsec/utils/XSECPlatformUtils.hpp>]],
- [[XSECPlatformUtils::Initialise()]])],,
- [AC_MSG_ERROR([unable to link with XML-Security])])
-
-
-AC_MSG_CHECKING([whether XML-Security-C supports white/blacklisting of algorithms])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <xsec/framework/XSECAlgorithmMapper.hpp>]], [[XSECAlgorithmMapper* mapper; mapper->whitelistAlgorithm(NULL);]])],[AC_MSG_RESULT([yes])
- AC_DEFINE([SHIBSP_XMLSEC_WHITELISTING],[1],[Define to 1 if XML-Security-C supports white/blacklisting algorithms.])],[AC_MSG_RESULT([no])])
-
-
-# restore master libs
-LIBS="$save_LIBS"
-
# OpenSAML settings
AC_ARG_WITH(saml,
AS_HELP_STRING([--with-saml=PATH],[where saml is installed]),
AC_SUBST(XMLSEC_LIBS)
# output the underlying makefiles
-WANT_SUBDIRS="doc schemas configs shibsp shibd util"
+WANT_SUBDIRS="doc schemas configs shibsp plugins shibd util"
AC_CONFIG_FILES([Makefile doc/Makefile schemas/Makefile \
- configs/Makefile shibsp/Makefile shibd/Makefile \
- util/Makefile selinux/Makefile])
+ configs/Makefile shibsp/Makefile plugins/Makefile \
+ shibd/Makefile util/Makefile selinux/Makefile])
## ADFS?
AC_CONFIG_FILES([adfs/Makefile])
AC_SUBST(ODBC_LIBS)
fi
+# GSS-API checking
+
+GSSAPI_ROOT="/usr"
+AC_ARG_WITH(gssapi-includes,
+ AS_HELP_STRING([--with-gssapi-includes=DIR],[Specify location of GSSAPI header]),
+ [ GSSAPI_INCS="-I$withval"
+ want_gss="yes" ]
+)
+
+AC_ARG_WITH(gssapi-libs,
+ AS_HELP_STRING([--with-gssapi-libs=DIR],[Specify location of GSSAPI libs]),
+ [ GSSAPI_LIB_DIR="-L$withval"
+ want_gss="yes" ]
+)
+
+AC_ARG_WITH(gssapi,
+ AS_HELP_STRING([--with-gssapi=DIR],[Where to look for GSSAPI]),
+ [ GSSAPI_ROOT="$withval"
+ if test x"$GSSAPI_ROOT" != xno; then
+ want_gss="yes"
+ if test x"$GSSAPI_ROOT" = xyes; then
+ dnl if yes, then use default root
+ GSSAPI_ROOT="/usr"
+ fi
+ fi
+])
+
+save_CPPFLAGS="$CPPFLAGS"
+AC_MSG_CHECKING([if GSSAPI support is requested])
+if test x"$want_gss" = xyes; then
+ AC_MSG_RESULT(yes)
+
+ if test -z "$GSSAPI_INCS"; then
+ if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+ GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+ elif test "$GSSAPI_ROOT" != "yes"; then
+ GSSAPI_INCS="-I$GSSAPI_ROOT/include"
+ fi
+ fi
+
+ CPPFLAGS="$CPPFLAGS $GSSAPI_INCS"
+
+ AC_CHECK_HEADER(gss.h,
+ [
+ dnl found in the given dirs
+ AC_DEFINE([SHIBSP_HAVE_GSSGNU],[1],[if you have the GNU gssapi libraries])
+ gnu_gss=yes
+ ],
+ [
+ dnl not found, check Heimdal or MIT
+ AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1])
+ AC_CHECK_HEADERS(
+ [gssapi/gssapi_generic.h gssapi/gssapi_krb5.h],
+ [],
+ [not_mit=1],
+ [
+AC_INCLUDES_DEFAULT
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#endif
+ ])
+ if test "x$not_mit" = "x1"; then
+ dnl MIT not found, check for Heimdal
+ AC_CHECK_HEADER([gssapi.h],
+ [
+ dnl found
+ AC_DEFINE([SHIBSP_HAVE_GSSHEIMDAL],[1],[if you have the Heimdal gssapi libraries])
+ ],
+ [
+ dnl no header found, disabling GSS
+ want_gss=no
+ AC_MSG_WARN([disabling GSSAPI since no header files was found])
+ ]
+ )
+ else
+ dnl MIT found
+ AC_DEFINE([SHIBSP_HAVE_GSSMIT],[1],[if you have the MIT gssapi libraries])
+ dnl check if we have a really old MIT kerberos (<= 1.2)
+ AC_MSG_CHECKING([if gssapi headers declare GSS_C_NT_HOSTBASED_SERVICE])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+ ]],[[
+ gss_import_name(
+ (OM_uint32 *)0,
+ (gss_buffer_t)0,
+ GSS_C_NT_HOSTBASED_SERVICE,
+ (gss_name_t *)0);
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ ],[
+ AC_MSG_RESULT([no])
+ AC_DEFINE([HAVE_OLD_GSSMIT],[1],[if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE])
+ ])
+ fi
+ ]
+ )
+else
+ AC_MSG_RESULT(no)
+fi
+if test x"$want_gss" = xyes; then
+ AC_DEFINE([SHIBSP_HAVE_GSSAPI],[1],[if you have the gssapi libraries])
+
+ if test -n "$gnu_gss"; then
+ LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+ LIBS="$LIBS -lgss"
+ else
+ if test -z "$GSSAPI_LIB_DIR"; then
+ GSSAPI_LIB_DIR="$GSSAPI_ROOT/lib$libsuff"
+ fi
+ if test "$GSSAPI_ROOT" != "yes"; then
+ LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
+ fi
+ if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+ dnl krb5-config doesn't have --libs-only-L or similar, put everything
+ dnl into LIBS
+ gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+ else
+ if test "x$not_mit" = "x1"; then
+ gss_libs="-lgssapi"
+ else
+ gss_libs="-lgssapi_krb5"
+ fi
+ fi
+ LIBS="$LIBS $gss_libs"
+ fi
+
+ AC_MSG_CHECKING([whether GSS-API naming extensions are available])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[
+#ifdef SHIBSP_HAVE_GSSGNU
+# include <gss.h>
+#elif defined SHIBSP_HAVE_GSSMIT
+# include <gssapi/gssapi.h>
+# include <gssapi/gssapi_ext.h>
+#else
+# include <gssapi.h>
+#endif]],
+ [[gss_get_name_attribute(NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);]])],
+ [AC_MSG_RESULT([yes])AC_DEFINE([HAVE_GSSAPI_NAMINGEXTS],[1],[Define to 1 if GSS-API naming extensions are available.])],
+ [AC_MSG_RESULT([no])])
+
+ AC_MSG_CHECKING([whether GSS-API composite name import is available])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[
+#ifdef SHIBSP_HAVE_GSSGNU
+# include <gss.h>
+#elif defined SHIBSP_HAVE_GSSMIT
+# include <gssapi/gssapi.h>
+# include <gssapi/gssapi_ext.h>
+#else
+# include <gssapi.h>
+#endif]],
+ [[
+ OM_uint32 minor;
+ gss_name_t srcname;
+ gss_buffer_desc importbuf;
+ gss_import_name(&minor, &importbuf, GSS_C_NT_EXPORT_NAME_COMPOSITE, &srcname);
+ ]])],
+ [AC_MSG_RESULT([yes])AC_DEFINE([HAVE_GSSAPI_COMPOSITE_NAME],[1],[Define to 1 if GSS-API composite name import is available.])],
+ [AC_MSG_RESULT([no])])
+
+else
+ CPPFLAGS="$save_CPPFLAGS"
+fi
+
AC_SUBST(WANT_SUBDIRS)