-# Process this file with autoconf to produce a configure script.
AC_REVISION($Revision$)
-AC_PREREQ(2.53)
-AC_INIT(mod_auth_kerb, 0.5-rc4, modauthkerb-developers@lists.sourceforge.net)
-AC_CONFIG_SRCDIR([src/mod_auth_kerb.c])
+AC_PREREQ(2.57)
+AC_INIT(mod_auth_gssapi, 0.1, modauthkerb-developers@lists.sourceforge.net)
+AC_CONFIG_SRCDIR([mod_auth_gssapi.c])
AC_CONFIG_HEADER([config.h])
# Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
-
-# Checks for libraries.
-# FIXME: Replace `main' with a function in `-lresolv':
-LIB_resolv=""
-AC_CHECK_LIB([resolv], [main], [LIB_resolv=-lresolv])
-AC_SUBST(LIB_resolv)
+AC_PROG_INSTALL
# Checks for header files.
AC_HEADER_STDC
AC_TYPE_SIZE_T
AC_STRUCT_TM
-# Checks for library functions.
-#AC_FUNC_MALLOC
-#AC_FUNC_MEMCMP
-#AC_CHECK_FUNCS([gethostbyname memset putenv strcasecmp strchr strdup strerror])
-
#
-# kerberos5 enviroment
+# GSS-API enviroment
#
-KRB5_CPPFLAGS=""
-KRB5_LDFLAGS=""
-krb5_config_command=krb5-config
SPNEGO_SRCS=""
-AC_ARG_WITH(krb5,
- AC_HELP_STRING([--with-krb5=dir],[use krb5 in dir]),
- [ with_krb5="$withval" ])
-
-if test "x$with_krb5" != "xno" ; then
- AC_MSG_CHECKING([for Kerberos5 installation])
- if test "x$with_krb5" != "x"; then
- if test -x "$with_krb5/bin/krb5-config"; then
- krb5_config_command="$with_krb5/bin/krb5-config"
- else
- # quick fix for OpenBSD installations where krb5-config is missing.
- # OpenBSD uses Heimdal, so add openbsd-specific configuration
- # libs for Heimdal
- KRB5_CPPFLAGS="-I$with_krb5/include"
- KRB5_LDFLAGS="-L$with_krb5/lib -lgssapi -lkrb5 -lasn1 -ldes -lcrypt"
- krb5_config_command=""
- fi
- fi
-
- if test -n "$krb5_config_command"; then
- KRB5_CPPFLAGS=`$krb5_config_command --cflags gssapi 2>/dev/null`
- KRB5_LDFLAGS=`$krb5_config_command --libs gssapi 2>/dev/null`
- fi
- if test "x$KRB5_LDFLAGS" = "x"; then
- with_krb5=no
- AC_MSG_RESULT(no)
- else
- AC_MSG_RESULT(yes)
-
- ac_save_CFLAGS=$CFLAGS
- ac_save_LDFLAGS=$LDFLAGS
- ac_save_LIBS=$LIBS
- CFLAGS="$CFLAGS $KRB5_CPPFLAGS"
- LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
- LIBS="$LIBS $LDFLAGS $LIB_resolv"
-
- AC_CHECK_LIB(krb5, krb5_init_context, [], [with_krb5=no])
-
- if test "x$with_krb5" != "xno"; then
- # check if krb5_cc_gen_new() is implemented by the krb5 library
- AC_CHECK_FUNC(krb5_cc_gen_new, [AC_DEFINE(HAVE_KRB5_CC_GEN_NEW)])
-
- # check for Heimdal
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([#include <krb5.h>],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL) ],
- [ AC_MSG_RESULT(no) ])
- fi
-
- CFLAGS=$ac_save_CFLAGS
- LDFLAGS=$ac_save_LDFLAGS
- LIBS=$ac_save_LIBS
- AC_DEFINE(KRB5)
- SPNEGO_SRCS="\
- spnegokrb5/asn1_MechType.c \
- spnegokrb5/asn1_MechTypeList.c \
- spnegokrb5/asn1_ContextFlags.c \
- spnegokrb5/asn1_NegTokenInit.c \
- spnegokrb5/asn1_NegTokenTarg.c \
- spnegokrb5/der_get.c \
- spnegokrb5/der_put.c \
- spnegokrb5/der_free.c \
- spnegokrb5/der_length.c \
- spnegokrb5/der_copy.c \
- spnegokrb5/timegm.c \
- spnegokrb5/init_sec_context.c \
- spnegokrb5/accept_sec_context.c \
- spnegokrb5/encapsulate.c \
- spnegokrb5/decapsulate.c \
- spnegokrb5/external.c"
- fi
+AC_ARG_WITH(gss,
+ AC_HELP_STRING([--with-gss=dir],[use gss in dir]),
+ [ with_gss="$withval" ])
+if test "x$with_gss" = "xyes" ; then
+ with_gss=""
fi
-AC_SUBST(KRB5_CPPFLAGS)
-AC_SUBST(KRB5_LDFLAGS)
-AC_SUBST(SPNEGO_SRCS)
-#
-# Kerberos4 enviroment
-#
-KRB4_CPPFLAGS=""
-KRB4_LDFLAGS=""
-
-AC_ARG_WITH(krb4,
- AC_HELP_STRING([--with-krb4=dir], [use krb4 in dir]),
- [ with_krb4="$withval" ])
-
-if test "x$with_krb4" != "xno"; then
- AC_MSG_CHECKING([for Kerberos4 installation])
- if test "x$with_krb4" != "x"; then
- if test -x "$with_krb4/bin/krb4-config"; then
- KRB4_CPPFLAGS=`$with_krb4/bin/krb4-config --cflags krb4 2>/dev/null`
- KRB4_LDFLAGS=`$with_krb4/bin/krb4-config --libs krb4 2>/dev/null`
- elif test -x "$with_krb4/bin/krb5-config"; then
- KRB4_CPPFLAGS=`$with_krb4/bin/krb5-config --cflags krb4 2>/dev/null`
- KRB4_LDFLAGS=`$with_krb4/bin/krb5-config --libs krb4 2>/dev/null`
- else
- AC_MSG_ERROR([failed to find krb4-config or krb5-config in $with_krb4/bin])
- fi
- else
- KRB4_CPPFLAGS=`krb4-config --cflags krb4 2>/dev/null`
- KRB4_LDFLAGS=`krb4-config --libs krb4 2>/dev/null`
- if test "x$KRB4_LDFLAGS" = "x"; then
- KRB4_CPPFLAGS=`$krb5_config_command --cflags krb4 2>/dev/null`
- KRB4_LDFLAGS=`$krb5_config_command --libs krb4 2>/dev/null`
- if test $? -ne 0; then
- KRB4_CPPFLAGS=""
- KRB4_LDFLAGS=""
- fi
- fi
- fi
- if test "x$KRB4_LDFLAGS" = "x"; then
- with_krb4=no
- AC_MSG_RESULT(no)
- else
- AC_MSG_RESULT(yes)
-
- ac_save_CFLAGS=$CFLAGS
- ac_save_CPPFLAGS=$CPPFLAGS
- ac_save_LDFLAGS=$LDFLAGS
- ac_save_LIBS=$LIBS
- CFLAGS="$CFLAGS $KRB4_CPPFLAGS"
- CPPFLAGS="$CFLAGS $KRB4_CPPFLAGS"
- LDFLAGS="$LDFLAGS $KRB4_LDFLAGS"
- LIBS="$LIBS $LDFLAGS $LIB_resolv"
-
-# if not found krb.h suppose it's in the kerberosIV subdirectory
- AC_CHECK_HEADER(krb.h, , with_krb4=no)
- if test "x$with_krb4" = "xno"; then
- KRB4_CPPFLAGS="$KRB4_CPPFLAGS ${KRB4_CPPFLAGS}/kerberosIV"
-# second run of AC_CHECK_HEADER for the same library returns the cached
-# result created by previous run :-(
- AC_CHECK_HEADER(kerberosIV/krb.h, with_krb4=yes,
- [ with_krb4=no
- KRB4_CPPFLAGS=""
- KRB4_LDFLAGS=""])
- fi
-
- if test "x$with_krb4" != "xno"; then
- AC_CHECK_LIB(krb4, krb_get_pw_in_tkt, [], [with_krb4=no])
- if test "x$with_krb4" = "xno"; then
- AC_CHECK_LIB(krb, krb_get_pw_in_tkt, [with_krb4=yes],
- [with_krb4=no
- KRB4_CPPFLAGS=""
- KRB4_LDFLAGS=""])
- fi
- fi
-
- CFLAGS=$ac_save_CFLAGS
- CPPFLAGS=$ac_save_CPPFLAGS
- LDFLAGS=$ac_save_LDFLAGS
- LIBS=$ac_save_LIBS
-
- AC_DEFINE(KRB4)
- fi
+ac_save_CPPFLAGS="$CPPFLAGS"
+ac_save_LDFLAGS="$LDFLAGS"
+ac_save_LIBS="$LIBS"
+
+if test -z "$GSS_CPPFLAGS"; then
+ TMP_GSS_CPPFLAGS=""
+ if test -n "with_gss"; then
+ TMP_GSS_CPPFLAGS="-I$with_gss/include"
+ fi
+ CPPFLAGS="$CPPFLAGS $TMP_GSS_CPPFLAGS"
+ AC_CHECK_HEADERS(gssapi.h,
+ [ GSS_CPPFLAGS="$TMP_GSS_CPPFLAGS" ])
+ if test -z "$GSS_CPPFLAGS"; then
+ AC_CHECK_HEADERS(gssapi/gssapi.h,
+ [ GSS_CPPFLAGS="$TMP_GSS_CPPFLAGS" ])
+ fi
+ CPPFLAGS="$ac_save_CPPFLAGS"
+fi
+
+#if test "x$with_gss"="x"; then
+# tmp_lf_inc=""
+# else
+# tmp_lf_inc="-L"
+#fi
+if test -z "$GSS_LDFLAGS"; then
+ TMP_GSS_LDFLAGS=""
+ if test -n "$with_gss"; then
+# XXX think about lib64, etc
+ TMP_GSS_LDFLAGS="-L $with_gss/lib"
+ fi
+fi
+LIBS="$LIBS $TMP_GSS_LDFLAGS"
+AC_CHECK_LIB(
+ [gssapi_krb5], gss_accept_sec_context,
+ [found_gssapi=yes
+ LIBS="-lgssapi_krb5 $LIBS"],
+ [AC_CHECK_LIB(gssapi, gss_accept_sec_context, [ found_gssapi=yes
+ LIBS="$LIBS -lgssapi"],
+ [LIBS="$ac_save_LIBS"])])
+if test -z "$found_gssapi"; then
+ AC_MSG_ERROR([failed to find a GSS-API library])
fi
-AC_SUBST(KRB4_CPPFLAGS)
-AC_SUBST(KRB4_LDFLAGS)
+# If SPNEGO is supported by the gssapi libraries, we shouln't build our support.
+# SPNEGO is supported as of Heimdal 0.7, and MIT 1.5.
+gssapi_supports_spnego=""
+AC_MSG_CHECKING(whether the GSSAPI libraries support SPNEGO)
-if test "x$with_krb5" = "xno" -a "x$with_krb4" = "xno"; then
- AC_MSG_ERROR([No Kerberos enviroment found])
+ac_save_CFLAGS="$CFLAGS"
+CFLAGS="$GSS_CPPFLAGS"
+
+ac_save_LDFLAGS=$LDFLAGS
+LDFLAGS="$GSS_LDFLAGS"
+# to make sure the testing binary can be launched:
+if test -n "$with_gss"; then
+ LDFLAGS="$LDFLAGS -Wl,-rpath -Wl,$with_gss/lib"
+fi
+ AC_TRY_RUN([
+#include <string.h>
+#include <gssapi.h>
+int main(int argc, char** argv)
+{
+ OM_uint32 major_status, minor_status;
+ gss_OID_set mech_set;
+ gss_OID_desc spnego_oid_desc = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+ int SPNEGO = 0;
+
+ major_status = gss_indicate_mechs(&minor_status, &mech_set);
+ if (GSS_ERROR(major_status))
+ return 1;
+ else {
+ unsigned int i;
+ for (i=0; i < mech_set->count && !SPNEGO; i++) {
+ gss_OID tmp_oid = &mech_set->elements[i];
+ if (tmp_oid->length == spnego_oid_desc.length &&
+ !memcmp(tmp_oid->elements, spnego_oid_desc.elements,
+ tmp_oid->length)) {
+ SPNEGO = 1;
+ break;
+ }
+ }
+ gss_release_oid_set(&minor_status, &mech_set);
+ return (!SPNEGO);
+ }
+}],
+ [ if test $? -eq 0; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(GSSAPI_SUPPORTS_SPNEGO,1,[GSS-API implementation has its own SPNEGO])
+ gssapi_supports_spnego=yes
+ else
+ AC_MSG_RESULT(no)
+ fi],
+ [ AC_MSG_RESULT(no)]
+ )
+
+CFLAGS="$ac_save_CFLAGS"
+LDFLAGS="$ac_save_LDFLAGS"
+
+if test -z "$gssapi_supports_spnego"; then
+ SPNEGO_SRCS="\
+ spnegokrb5/asn1_MechType.c \
+ spnegokrb5/asn1_MechTypeList.c \
+ spnegokrb5/asn1_ContextFlags.c \
+ spnegokrb5/asn1_NegTokenInit.c \
+ spnegokrb5/asn1_NegTokenTarg.c \
+ spnegokrb5/der_get.c \
+ spnegokrb5/der_put.c \
+ spnegokrb5/der_free.c \
+ spnegokrb5/der_length.c \
+ spnegokrb5/der_copy.c \
+ spnegokrb5/timegm.c \
+ spnegokrb5/init_sec_context.c \
+ spnegokrb5/accept_sec_context.c \
+ spnegokrb5/encapsulate.c \
+ spnegokrb5/decapsulate.c \
+ spnegokrb5/external.c"
fi
+AC_SUBST(GSS_CPPFLAGS)
+AC_SUBST(GSS_LDFLAGS)
+AC_SUBST(SPNEGO_SRCS)
#
# Apache enviroment
AC_HELP_STRING([--with-apache=dir],[use apache in dir]),
[ with_apache="$withval" ])
-AC_MSG_CHECKING([for Apache installation])
-
-APXS="apxs"
-HTTPD="httpd"
-if test "x$with_apache" != "x"; then
- if test ! -x "$with_apache/bin/httpd" -o ! -x "$with_apache/bin/apxs"; then
- AC_MSG_ERROR([failed to find apache files in $with_apache])
- fi
- APXS="$with_apache/bin/apxs"
- if test ! -x $APXS; then
- APXS="$with_apache/sbin/apxs"
- fi
- HTTPD="$with_apache/bin/httpd"
- if test ! -x $HTTPD; then
- HTTPD"$with_apache/sbin/httpd"
- fi
+AC_PATH_PROG([APXS], [apxs], [], [$with_apache/bin:$with_apache/sbin:$PATH])
+if test -z "$APXS"; then
+ AC_PATH_PROG([APXS], [apxs2], [], [$with_apache/bin:$with_apache/sbin:$PATH])
+ if test -z "$APXS"; then
+ AC_MSG_ERROR([failed to find apache apxs executable])
+ fi
fi
-
-apache_v1_3=`$HTTPD -v | grep "^Server version: Apache/1.3."`
-apache_v2_0=`$HTTPD -v | grep "^Server version: Apache/2.0."`
-if test "x$apache_v1_3" = "x" -a "x$apache_v2_0" = "x"; then
- AC_MSG_ERROR([cannot find valid apache installation on your system])
-fi
-if test -n "$apache_v1_3"; then
- AC_DEFINE(APXS1)
-fi
-AC_MSG_RESULT(yes)
-
AC_SUBST(APXS)
AC_CONFIG_FILES([Makefile])