1 ########################################################
2 # Compile with LDAP support?
6 AC_MSG_CHECKING([for LDAP support])
9 [ --with-ldap LDAP support (default yes)],
12 with_ldap_support=$withval
16 AC_MSG_RESULT($with_ldap_support)
18 if test x"$with_ldap_support" != x"no"; then
20 ##################################################################
21 # first test for ldap.h and lber.h
22 # (ldap.h is required for this test)
23 AC_CHECK_HEADERS(ldap.h lber.h)
25 if test x"$ac_cv_header_ldap_h" != x"yes"; then
26 if test x"$with_ldap_support" = x"yes"; then
27 AC_MSG_ERROR(ldap.h is needed for LDAP support)
29 AC_MSG_WARN(ldap.h is needed for LDAP support)
36 if test x"$with_ldap_support" != x"no"; then
39 ##################################################################
40 # we might need the lber lib on some systems. To avoid link errors
41 # this test must be before the libldap test
42 AC_CHECK_LIB_EXT(lber, LDAP_LIBS, ber_scanf)
44 ########################################################
45 # now see if we can find the ldap libs in standard paths
46 AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
48 AC_CHECK_FUNC_EXT(ldap_domain2hostlist,$LDAP_LIBS)
50 ########################################################
51 # If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
52 # Check found in pam_ldap 145.
53 AC_CHECK_FUNC_EXT(ldap_set_rebind_proc,$LDAP_LIBS)
55 LIBS="$LIBS $LDAP_LIBS"
56 AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, smb_ldap_cv_ldap_set_rebind_proc, [
60 [ldap_set_rebind_proc(0, 0, 0);],
61 [smb_ldap_cv_ldap_set_rebind_proc=3],
62 [smb_ldap_cv_ldap_set_rebind_proc=2]
66 AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $smb_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc])
68 AC_CHECK_FUNC_EXT(ldap_initialize,$LDAP_LIBS)
70 if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then
71 AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
73 AC_MSG_CHECKING(whether LDAP support is used)
75 SMB_EXT_LIB_ENABLE(LDAP,YES)
77 if test x"$with_ldap_support" = x"yes"; then
78 AC_MSG_ERROR(libldap is needed for LDAP support)
80 AC_MSG_WARN(libldap is needed for LDAP support)
89 #################################################
95 with_krb5_support=auto
97 AC_MSG_CHECKING([for KRB5 support])
99 # Do no harm to the values of CFLAGS and LIBS while testing for
102 [ --with-krb5=base-dir Locate Kerberos 5 support (default=auto)],
110 with_krb5_support=yes
115 with_krb5_support=auto
120 with_krb5_support=yes
122 krb5_withval=$withval
125 AC_MSG_RESULT($with_krb5_support)
128 if test x$with_krb5_support != x"no"; then
131 #################################################
132 # check for krb5-config from recent MIT and Heimdal kerberos 5
133 AC_PATH_PROG(KRB5_CONFIG, krb5-config)
134 AC_MSG_CHECKING(for working krb5-config)
135 if test -x "$KRB5_CONFIG"; then
136 ac_save_CFLAGS=$CFLAGS
137 CFLAGS="";export CFLAGS
138 ac_save_LDFLAGS=$LDFLAGS
139 LDFLAGS="";export LDFLAGS
140 KRB5_LIBS="`$KRB5_CONFIG --libs gssapi`"
141 KRB5_CFLAGS="`$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
142 KRB5_CPPFLAGS="`$KRB5_CONFIG --cflags | sed s/@INCLUDE_des@//`"
143 CFLAGS=$ac_save_CFLAGS;export CFLAGS
144 LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
148 AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy)
151 if test x$FOUND_KRB5 != x"yes"; then
152 #################################################
153 # check for location of Kerberos 5 install
154 AC_MSG_CHECKING(for kerberos 5 install path)
155 case "$krb5_withval" in
157 AC_MSG_RESULT(no krb5-path given)
164 AC_MSG_RESULT($krb5_withval)
165 KRB5_CFLAGS="-I$krb5_withval/include"
166 KRB5_CPPFLAGS="-I$krb5_withval/include"
167 KRB5_LDFLAGS="-L$krb5_withval/lib"
173 if test x$FOUND_KRB5 != x"yes"; then
174 #################################################
175 # see if this box has the SuSE location for the heimdal krb implementation
176 AC_MSG_CHECKING(for /usr/include/heimdal)
177 if test -d /usr/include/heimdal; then
178 if test -f /usr/lib/heimdal/lib/libkrb5.a; then
179 KRB5_CFLAGS="-I/usr/include/heimdal"
180 KRB5_CPPFLAGS="-I/usr/include/heimdal"
181 KRB5_LDFLAGS="-L/usr/lib/heimdal/lib"
184 KRB5_CFLAGS="-I/usr/include/heimdal"
185 KRB5_CPPFLAGS="-I/usr/include/heimdal"
193 if test x$FOUND_KRB5 != x"yes"; then
194 #################################################
195 # see if this box has the RedHat location for kerberos
196 AC_MSG_CHECKING(for /usr/kerberos)
197 if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
198 KRB5_LDFLAGS="-L/usr/kerberos/lib"
199 KRB5_CFLAGS="-I/usr/kerberos/include"
200 KRB5_CPPFLAGS="-I/usr/kerberos/include"
207 ac_save_CFLAGS=$CFLAGS
208 ac_save_CPPFLAGS=$CPPFLAGS
209 ac_save_LDFLAGS=$LDFLAGS
211 #MIT needs this, to let us see 'internal' parts of the headers we use
212 KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED"
214 CFLAGS="$CFLAGS $KRB5_CFLAGS"
215 CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
216 LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
218 KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS"
220 # now check for krb5.h. Some systems have the libraries without the headers!
221 # note that this check is done here to allow for different kerberos
223 AC_CHECK_HEADERS(krb5.h)
225 if test x"$ac_cv_header_krb5_h" = x"no"; then
226 # Give a warning if KRB5 support was not explicitly requested,
227 # i.e with_krb5_support = auto, otherwise die with an error.
228 if test x"$with_krb5_support" = x"yes"; then
229 AC_MSG_ERROR([KRB5 cannot be supported without krb5.h])
231 AC_MSG_WARN([KRB5 cannot be supported without krb5.h])
233 # Turn off AD support and restore CFLAGS and LIBS variables
234 with_krb5_support="no"
237 CFLAGS=$ac_save_CFLAGS
238 CPPFLAGS=$ac_save_CPPFLAGS
239 LDFLAGS=$ac_save_LDFLAGS
242 # Now we have determined whether we really want KRB5 support
244 if test x"$with_krb5_support" != x"no"; then
245 ac_save_CFLAGS=$CFLAGS
246 ac_save_CPPFLAGS=$CPPFLAGS
247 ac_save_LDFLAGS=$LDFLAGS
250 CFLAGS="$CFLAGS $KRB5_CFLAGS"
251 CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
252 LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
254 # now check for gssapi headers. This is also done here to allow for
255 # different kerberos include paths
256 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
258 ##################################################################
259 # we might need the k5crypto and com_err libraries on some systems
260 AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
261 AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
264 AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key)
265 AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator)
266 AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec)
268 # Heimdal checks. On static Heimdal gssapi must be linked before krb5.
269 AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[],
270 AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
272 ########################################################
273 # now see if we can find the krb5 libs in standard paths
274 # or as specified above
275 AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended)
276 AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare)
278 ########################################################
279 # now see if we can find the gssapi libs in standard paths
280 AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],
281 AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
283 AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
284 AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
285 AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS)
286 AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS)
287 AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS)
288 AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS)
289 AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS)
290 AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
291 AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
292 AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
293 AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
294 AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
295 AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
296 AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
297 AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
298 AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
299 AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
300 AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
301 AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
302 AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS)
303 AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS)
304 AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS)
305 AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
307 LIBS="$LIBS $KRB5_LIBS"
309 AC_CACHE_CHECK([for addrtype in krb5_address],
310 samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
311 AC_TRY_COMPILE([#include <krb5.h>],
312 [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],
313 samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes,
314 samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)])
315 if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then
316 AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1,
317 [Whether the krb5_address struct has a addrtype property])
320 AC_CACHE_CHECK([for addr_type in krb5_address],
321 samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[
322 AC_TRY_COMPILE([#include <krb5.h>],
323 [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;],
324 samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes,
325 samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)])
326 if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
327 AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,
328 [Whether the krb5_address struct has a addr_type property])
331 AC_CACHE_CHECK([for enc_part2 in krb5_ticket],
332 samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
333 AC_TRY_COMPILE([#include <krb5.h>],
334 [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
335 samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,
336 samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
337 if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
338 AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,
339 [Whether the krb5_ticket struct has a enc_part2 property])
342 AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
343 samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[
344 AC_TRY_COMPILE([#include <krb5.h>],
345 [krb5_keyblock key; key.keyvalue.data = NULL;],
346 samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes,
347 samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)])
348 if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then
349 AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
350 [Whether the krb5_keyblock struct has a keyvalue property])
353 AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
354 samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
355 AC_TRY_COMPILE([#include <krb5.h>],
356 [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;],
357 samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes,
358 samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)])
359 AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56],
360 samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[
361 AC_TRY_COMPILE([#include <krb5.h>],
362 [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;],
363 samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes,
364 samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)])
365 # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken
366 # w.r.t. arcfour and windows, so we must not enable it here
367 if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\
368 x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then
369 AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
370 [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
373 AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
374 samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[
375 AC_TRY_COMPILE([#include <krb5.h>],
376 [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;],
377 samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes,
378 samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)])
379 if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then
380 AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1,
381 [Whether the AP_OPTS_USE_SUBKEY ap option is available])
384 AC_CACHE_CHECK([for KV5M_KEYTAB],
385 samba_cv_HAVE_KV5M_KEYTAB,[
386 AC_TRY_COMPILE([#include <krb5.h>],
387 [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;],
388 samba_cv_HAVE_KV5M_KEYTAB=yes,
389 samba_cv_HAVE_KV5M_KEYTAB=no)])
390 if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then
391 AC_DEFINE(HAVE_KV5M_KEYTAB,1,
392 [Whether the KV5M_KEYTAB option is available])
395 AC_CACHE_CHECK([for the krb5_princ_component macro],
396 samba_cv_HAVE_KRB5_PRINC_COMPONENT,[
397 AC_TRY_LINK([#include <krb5.h>],
398 [const krb5_data *pkdata; krb5_context context; krb5_principal principal;
399 pkdata = krb5_princ_component(context, principal, 0);],
400 samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes,
401 samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)])
402 if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then
403 AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1,
404 [Whether krb5_princ_component is available])
407 AC_CACHE_CHECK([for key in krb5_keytab_entry],
408 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[
409 AC_TRY_COMPILE([#include <krb5.h>],
410 [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;],
411 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes,
412 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)])
413 if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then
414 AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1,
415 [Whether krb5_keytab_entry has key member])
418 AC_CACHE_CHECK([for keyblock in krb5_keytab_entry],
419 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[
420 AC_TRY_COMPILE([#include <krb5.h>],
421 [krb5_keytab_entry entry; entry.keyblock.keytype = 0;],
422 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes,
423 samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)])
424 if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then
425 AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1,
426 [Whether krb5_keytab_entry has keyblock member])
429 AC_CACHE_CHECK([for WRFILE: keytab support],
430 samba_cv_HAVE_WRFILE_KEYTAB,[
435 krb5_context context;
437 krb5_init_context(&context);
438 if (krb5_kt_resolve(context, "WRFILE:api", &keytab))
442 samba_cv_HAVE_WRFILE_KEYTAB=no,
443 samba_cv_HAVE_WRFILE_KEYTAB=yes)])
444 if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then
445 AC_DEFINE(HAVE_WRFILE_KEYTAB,1,
446 [Whether the WRFILE:-keytab is supported])
449 AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data],
450 samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[
451 AC_TRY_COMPILE([#include <krb5.h>],
452 [krb5_context context;krb5_principal principal;krb5_realm realm;
453 realm = *krb5_princ_realm(context, principal);],
454 samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes,
455 samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)])
456 if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then
457 AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1,
458 [Whether krb5_princ_realm returns krb5_realm or krb5_data])
461 if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then
462 AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
463 AC_MSG_CHECKING(whether KRB5 support is used)
464 SMB_EXT_LIB_ENABLE(KRB5,YES)
467 if test x"$with_krb5_support" = x"yes"; then
468 AC_MSG_ERROR(a working krb5 library is needed for KRB5 support)
470 AC_MSG_WARN(a working krb5 library is needed for KRB5 support)
479 CFLAGS=$ac_save_CFLAGS
480 CPPFLAGS=$ac_save_CPPFLAGS
481 LDFLAGS=$ac_save_LDFLAGS
484 # as a nasty hack add the krb5 stuff to the global vars,
485 # at some point this should not be needed anymore when the build system
486 # can handle that alone
487 CFLAGS="$CFLAGS $KRB5_CFLAGS"
488 CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
489 LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
492 SMB_EXT_LIB(LDAP,[${LDAP_LIBS}],[${LDAP_CFLAGS}],[${LDAP_CPPFLAGS}],[${LDAP_LDFLAGS}])
493 SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])
git.samba.org / samba.git / blob