-dnl ####################
-dnl ## Initialization ##
-dnl ####################
-AC_INIT(README)
+AC_REVISION($Revision$)
+AC_PREREQ(2.57)
+AC_INIT(mod_auth_gssapi, 0.1, modauthkerb-developers@lists.sourceforge.net)
+AC_CONFIG_SRCDIR([mod_auth_gssapi.c])
+AC_CONFIG_HEADER([config.h])
-
-dnl ####################
-dnl ## Config Options ##
-dnl ####################
-AC_ARG_WITH(api,
-[ --with-api=API api to use (apache1, apache2)],
-[
- case $withval in
- 'apache1')
- ac_api=apache1
- ;;
- 'apache2')
- ac_api=apache2
- ;;
- *)
- AC_ERROR(You can only specify apache1 or apache2.)
- ;;
- esac
-]
-)
-
-AC_ARG_WITH(apxs,
-[ --with-apxs=PATH path to apxs],
-[
- if test -e $withval ; then
- APXS="$withval"
- else
- AC_ERROR(Specified apxs path does not exist.)
- fi
-]
-)
-
-AC_ARG_WITH(static,
-[ --with-static module is to be statically linked],
-[
- ac_static="yes"
-]
-)
-
-AC_ARG_WITH(krb5,
-[ --with-krb5=DIR path to Kerberos 5 install],
-[
- if test -d $withval ; then
- CFLAGS="$CFLAGS -I$withval/include -I$withval/include/kerberosIV"
- CPPFLAGS="$CPPFLAGS -I$withval/include -I$withval/include/kerberosIV"
- LDFLAGS="$LDFLAGS -L$withval/lib"
-
- case "$host" in
- *-solaris*)
- LDFLAGS="$LDFLAGS -R$withval/lib"
- ;;
- esac
- else
- AC_ERROR(Specified Kerberos 5 directory doesn't exist.)
- fi
-]
-)
-
-AC_ARG_WITH(krb5-include,
-[ --with-krb5-include=DIR include path to Kerberos 5 install],
-[
- if test -d $withval ; then
- CFLAGS="$CFLAGS -I$withval -I$withval/include/kerberosIV"
- CPPFLAGS="$CPPFLAGS -I$withval -I$withval/include/kerberosIV"
- else
- AC_ERROR(Specified Kerberos 5 directory doesn't exist.)
- fi
-]
-)
-
-AC_ARG_WITH(krb5-lib,
-[ --with-krb5-lib=DIR lib path to Kerberos 5 install],
-[
- if test -d $withval ; then
- LDFLAGS="$LDFLAGS -L$withval"
-
- case "$host" in
- *-solaris*)
- LDFLAGS="$LDFLAGS -R$withval"
- ;;
- esac
- else
- AC_ERROR(Specified Kerberos 5 directory doesn't exist.)
- fi
-]
-)
-
-AC_ARG_ENABLE(krb5,
-[ --disable-krb5 force disabling of krb5 support],
-[
- if test "$enable_krb5" = "no" ; then
- ac_krb5_disable="yes"
- fi
-],
-)
-
-AC_ARG_WITH(krb4,
-[ --with-krb4=DIR path to Kerberos 4 install],
-[
- if test -d $withval ; then
- CFLAGS="$CFLAGS -I$withval/include"
- CPPFLAGS="$CPPFLAGS -I$withval/include"
- LDFLAGS="$LDFLAGS -L$withval/lib"
-
- case "$host" in
- *-solaris*)
- LDFLAGS="$LDFLAGS -R$withval/lib"
- ;;
- esac
- else
- AC_ERROR(Specified Kerberos 4 directory doesn't exist.)
- fi
-]
-)
-
-AC_ARG_WITH(krb4-include,
-[ --with-krb4-include=DIR include path to Kerberos 4 install],
-[
- if test -d $withval ; then
- CFLAGS="$CFLAGS -I$withval"
- CPPFLAGS="$CPPFLAGS -I$withval"
- else
- AC_ERROR(Specified Kerberos 4 directory doesn't exist.)
- fi
-]
-)
-
-AC_ARG_WITH(krb4-lib,
-[ --with-krb4-lib=DIR lib path to Kerberos 4 install],
-[
- if test -d $withval ; then
- LDFLAGS="$LDFLAGS -L$withval"
-
- case "$host" in
- *-solaris*)
- LDFLAGS="$LDFLAGS -R$withval"
- ;;
- esac
- else
- AC_ERROR(Specified Kerberos 4 directory doesn't exist.)
- fi
-]
-)
-
-AC_ARG_ENABLE(krb4,
-[ --disable-krb4 force disabling of krb4 support],
-[
- if test "$enable_krb4" = "no" ; then
- ac_krb4_disable="yes"
- fi
-],
-)
-
-
-dnl ####################
-dnl ## Program Checks ##
-dnl ####################
+# Checks for programs.
AC_PROG_CC
-if test -z "$ac_static" ; then
- AC_PATH_PROG(APXS, apxs)
- if test -z "$APXS" ; then
- echo "No apxs found. Defaulting to static module generation."
- ac_static="yes"
- fi
-fi
-
-
-dnl ###############
-dnl ## Libraries ##
-dnl ###############
-if test -z "$ac_krb5_disable" ; then
- AC_CHECK_LIB(krb5, krb5_get_in_tkt_with_password, [
- ac_krb5="yes"
- ac_krbdefs="-DKRB5"
- ac_krblibs="-lkrb5"
- AC_CHECK_LIB(k5crypto, krb5_string_to_key, [
- ac_krblibs="$ac_krblibs -lk5crypto"
- ], [
- AC_CHECK_LIB(crypto, krb5_string_to_key, [
- ac_krblibs="$ac_krblibs -lcrypto"
- ], [
- ac_krblibs=""
- ], "-lcom_err")
- ], "-lcom_err")
- ac_krblibs="$ac_krblibs -lcom_err"
-
- if test -z "$ac_krb4_disable" ; then
- if test -n "$ac_krblibs" ; then
- AC_CHECK_LIB(krb4, krb_get_pw_in_tkt, [
- ac_krb4="yes"
- ac_krbdefs="-DKRB4"
- ac_krblibs="-lkrb4 $ac_krblibs"
- ],, $ac_krblibs)
- fi
- fi
- ],, "-lcom_err")
-fi
-
-if test -z "$ac_krb4_disable" -a -z "$ac_krb4" ; then
- AC_CHECK_LIB(krb, krb_get_pw_in_tkt, [
- ac_krb4="yes"
- ac_krbdefs="-DKRB4"
- ac_krblibs="$ac_krblibs -lkrb -lcom_err"
- ],, "-lcom_err")
+AC_PROG_MAKE_SET
+
+# Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS([limits.h netdb.h stddef.h stdlib.h string.h unistd.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+#AC_C_CONST
+AC_TYPE_SIZE_T
+AC_STRUCT_TM
+
+#
+# GSS-API enviroment
+#
+SPNEGO_SRCS=""
+
+AC_ARG_WITH(gss,
+ AC_HELP_STRING([--with-gss=dir],[use gss in dir]),
+ [ with_gss="$withval" ])
+if test "x$with_gss" = "xyes" ; then
+ with_gss=""
fi
-if test -z "$ac_krb4" -a -z "$ac_krb5" ; then
- AC_ERROR(Neither Kerberos 5 nor 4 support available.)
+ac_save_CPPFLAGS="$CPPFLAGS"
+ac_save_LDFLAGS="$LDFLAGS"
+ac_save_LIBS="$LIBS"
+
+if test -z "$GSS_CPPFLAGS"; then
+ TMP_GSS_CPPFLAGS=""
+ if test -n "with_gss"; then
+ TMP_GSS_CPPFLAGS="-I$with_gss/include"
+ fi
+ CPPFLAGS="$CPPFLAGS $TMP_GSS_CPPFLAGS"
+ AC_CHECK_HEADERS(gssapi.h,
+ [ GSS_CPPFLAGS="$TMP_GSS_CPPFLAGS" ])
+ if test -z "$GSS_CPPFLAGS"; then
+ AC_CHECK_HEADERS(gssapi/gssapi.h,
+ [ GSS_CPPFLAGS="$TMP_GSS_CPPFLAGS" ])
+ fi
+ CPPFLAGS="$ac_save_CPPFLAGS"
fi
-
-dnl #############
-dnl ## Headers ##
-dnl #############
-if test -n "$ac_krb5" ; then
- AC_CHECK_HEADERS(krb5.h, [
- ac_foundkrb5="yes"
- break
- ])
-
- if test -z "$ac_foundkrb5" ; then
- AC_MSG_RESULT(krb5.h not found... removing krb5 support.)
- ac_krb5=""
- fi
-fi
-
-if test -n "$ac_krb4" ; then
- AC_CHECK_HEADERS(kerberosIV/krb.h krb.h, [
- ac_foundkrb4="yes"
- break
- ])
-
- if test -z "$ac_foundkrb4" ; then
- AC_MSG_RESULT(krb.h not found... removing krb4 support.)
- ac_krb4=""
- fi
+#if test "x$with_gss"="x"; then
+# tmp_lf_inc=""
+# else
+# tmp_lf_inc="-L"
+#fi
+if test -z "$GSS_LDFLAGS"; then
+ TMP_GSS_LDFLAGS=""
+ if test -n "$with_gss"; then
+# XXX think about lib64, etc
+ TMP_GSS_LDFLAGS="-L $with_gss/lib"
+ fi
fi
-
-if test -z "$ac_krb4" -a -z "$ac_krb5" ; then
- AC_ERROR(Neither Kerberos 5 nor 4 support available.)
-fi
-
-
-dnl ##############
-dnl ## Typedefs ##
-dnl ##############
-
-
-dnl ################
-dnl ## Structures ##
-dnl ################
-
-
-dnl ##############################
-dnl ## Compiler Characteristics ##
-dnl ##############################
-if test -z "$ac_api" ; then
- if test -n "`$APXS -q bindir 2> /dev/null`" ; then
- echo "API autodetected to be Apache 2.*"
- ac_api=apache2
- else
- echo "API autodetected to be Apache 1.*"
- ac_api=apache1
- fi
+LIBS="$LIBS $TMP_GSS_LDFLAGS"
+AC_CHECK_LIB(
+ [gssapi_krb5], gss_accept_sec_context,
+ [found_gssapi=yes
+ LIBS="-lgssapi_krb5 $LIBS"],
+ [AC_CHECK_LIB(gssapi, gss_accept_sec_context, [ found_gssapi=yes
+ LIBS="$LIBS -lgssapi"],
+ [LIBS="$ac_save_LIBS"])])
+if test -z "$found_gssapi"; then
+ AC_MSG_ERROR([failed to find a GSS-API library])
fi
+# If SPNEGO is supported by the gssapi libraries, we shouln't build our support.
+# SPNEGO is supported as of Heimdal 0.7, and MIT 1.5.
+gssapi_supports_spnego=""
+AC_MSG_CHECKING(whether the GSSAPI libraries support SPNEGO)
-dnl #######################
-dnl ## Library Functions ##
-dnl #######################
-
-
-dnl #####################
-dnl ## System Services ##
-dnl #####################
-
-
-dnl ##########################
-dnl ## Last Minute Settings ##
-dnl ##########################
-LIBS="$LIBS $ac_krblibs"
-DEFS="$DEFS $ac_krbdefs"
-GENHEADERS=""
-GENSOURCES=""
-case $ac_api in
- 'apache1')
- GENHEADERS="$GENHEADERS apache1/api_inc.h"
- GENHEADERS="$GENHEADERS apache1/auth_config.h"
- GENSOURCES="$GENSOURCES apache1/auth_user.c"
- GENSOURCES="$GENSOURCES apache1/auth_cmds.c"
- GENSOURCES="$GENSOURCES apache1/dir_config.c"
- GENSOURCES="$GENSOURCES apache1/module.c"
- ;;
- 'apache2')
- GENHEADERS="$GENHEADERS apache2/api_inc.h"
- GENHEADERS="$GENHEADERS apache2/auth_config.h"
- GENSOURCES="$GENSOURCES apache2/auth_user.c"
- GENSOURCES="$GENSOURCES apache2/auth_cmds.c"
- GENSOURCES="$GENSOURCES apache2/dir_config.c"
- GENSOURCES="$GENSOURCES apache2/hooks.c"
- GENSOURCES="$GENSOURCES apache2/module.c"
- ;;
-esac
+ac_save_CFLAGS="$CFLAGS"
+CFLAGS="$GSS_CPPFLAGS"
-if test "$ac_krb5" = "yes" ; then
- GENHEADERS="$GENHEADERS krb5/krb5_inc.h"
- GENSOURCES="krb5/validate.c $GENSOURCES"
+ac_save_LDFLAGS=$LDFLAGS
+LDFLAGS="$GSS_LDFLAGS"
+# to make sure the testing binary can be launched:
+if test -n "$with_gss"; then
+ LDFLAGS="$LDFLAGS -Wl,-rpath -Wl,$with_gss/lib"
fi
-
-if test "$ac_krb4" = "yes" ; then
- GENHEADERS="$GENHEADERS krb4/krb4_inc.h"
- GENSOURCES="krb4/validate.c $GENSOURCES"
+ AC_TRY_RUN([
+#include <string.h>
+#include <gssapi.h>
+int main(int argc, char** argv)
+{
+ OM_uint32 major_status, minor_status;
+ gss_OID_set mech_set;
+ gss_OID_desc spnego_oid_desc = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+ int SPNEGO = 0;
+
+ major_status = gss_indicate_mechs(&minor_status, &mech_set);
+ if (GSS_ERROR(major_status))
+ return 1;
+ else {
+ unsigned int i;
+ for (i=0; i < mech_set->count && !SPNEGO; i++) {
+ gss_OID tmp_oid = &mech_set->elements[i];
+ if (tmp_oid->length == spnego_oid_desc.length &&
+ !memcmp(tmp_oid->elements, spnego_oid_desc.elements,
+ tmp_oid->length)) {
+ SPNEGO = 1;
+ break;
+ }
+ }
+ gss_release_oid_set(&minor_status, &mech_set);
+ return (!SPNEGO);
+ }
+}],
+ [ if test $? -eq 0; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(GSSAPI_SUPPORTS_SPNEGO,1,[GSS-API implementation has its own SPNEGO])
+ gssapi_supports_spnego=yes
+ else
+ AC_MSG_RESULT(no)
+ fi],
+ [ AC_MSG_RESULT(no)]
+ )
+
+CFLAGS="$ac_save_CFLAGS"
+LDFLAGS="$ac_save_LDFLAGS"
+
+if test -z "$gssapi_supports_spnego"; then
+ SPNEGO_SRCS="\
+ spnegokrb5/asn1_MechType.c \
+ spnegokrb5/asn1_MechTypeList.c \
+ spnegokrb5/asn1_ContextFlags.c \
+ spnegokrb5/asn1_NegTokenInit.c \
+ spnegokrb5/asn1_NegTokenTarg.c \
+ spnegokrb5/der_get.c \
+ spnegokrb5/der_put.c \
+ spnegokrb5/der_free.c \
+ spnegokrb5/der_length.c \
+ spnegokrb5/der_copy.c \
+ spnegokrb5/timegm.c \
+ spnegokrb5/init_sec_context.c \
+ spnegokrb5/accept_sec_context.c \
+ spnegokrb5/encapsulate.c \
+ spnegokrb5/decapsulate.c \
+ spnegokrb5/external.c"
fi
-
-
-dnl #########################
-dnl ## Create Output Files ##
-dnl #########################
-echo "Generating mod_auth_kerb.c ..."
-echo "/* Automatically generated by configure. */" > mod_auth_kerb.c
-if test "$ac_krb5" = "yes" ; then
- echo "#define KRB5 1" >> mod_auth_kerb.c
+AC_SUBST(GSS_CPPFLAGS)
+AC_SUBST(GSS_LDFLAGS)
+AC_SUBST(SPNEGO_SRCS)
+
+#
+# Apache enviroment
+#
+AC_ARG_WITH(apache,
+ AC_HELP_STRING([--with-apache=dir],[use apache in dir]),
+ [ with_apache="$withval" ])
+
+AC_PATH_PROG([APXS], [apxs], [], [$with_apache/bin:$with_apache/sbin:$PATH])
+if test -z "$APXS"; then
+ AC_PATH_PROG([APXS], [apxs2], [], [$with_apache/bin:$with_apache/sbin:$PATH])
+ if test -z "$APXS"; then
+ AC_MSG_ERROR([failed to find apache apxs executable])
+ fi
fi
-if test "$ac_krb4" = "yes" ; then
- echo "#define KRB4 1" >> mod_auth_kerb.c
-fi
-for f in $GENHEADERS $GENSOURCES ; do
- echo " Adding $f"
- echo "" >> mod_auth_kerb.c
- cat $f >> mod_auth_kerb.c
-done
+AC_SUBST(APXS)
-if test "$ac_static" = "yes" ; then
- echo ""
- echo ""
- echo "This module is to be built statically into Apache. You will need"
- echo "to place it into the appropriate location in the source tree and"
- echo "compile Apache accordingly. You can look at the online docs at"
- echo "http://modauthkerb.sourceforge.net/ or README.static for more"
- echo "information."
- echo ""
- echo ""
-else
- AC_OUTPUT(Makefile)
-fi
+AC_CONFIG_FILES([Makefile])
-exit 0
+AC_OUTPUT