mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-15 02:20:04 -04:00
4404. [misc] Allow krb5-config to be used when configuring gssapi.
[RT #42580]
(cherry picked from commit c8fb7e488a)
This commit is contained in:
Mark Andrews
parent
d12dc09a2d
commit
7eb4402ad8
3 changed files with 200 additions and 2 deletions
3
CHANGES
3
CHANGES
|
|
@ -1,3 +1,6 @@
|
|||
4404. [misc] Allow krb5-config to be used when configuring gssapi.
|
||||
[RT #42580]
|
||||
|
||||
4403. [bug] Rename variables and arguments that shadow: basename,
|
||||
clone and gai_error.
|
||||
|
||||
|
|
|
|||
142
configure
vendored
142
configure
vendored
|
|
@ -857,6 +857,7 @@ ISC_PLATFORM_KRB5HEADER
|
|||
ISC_PLATFORM_GSSAPI_KRB5_HEADER
|
||||
ISC_PLATFORM_GSSAPIHEADER
|
||||
ISC_PLATFORM_HAVEGSSAPI
|
||||
KRB5_CONFIG
|
||||
GEOIPLINKOBJS
|
||||
GEOIPLINKSRCS
|
||||
LWRES_PLATFORM_NEEDSYSSELECTH
|
||||
|
|
@ -1724,7 +1725,7 @@ Optional Packages:
|
|||
(or the compiler's sysroot if not specified).
|
||||
--with-python=PATH specify path to python interpreter
|
||||
--with-geoip=PATH Build with GeoIP support (yes|no|path)
|
||||
--with-gssapi=PATH Specify path for system-supplied GSSAPI [default=yes]
|
||||
--with-gssapi=[PATH|[/path/]krb5-config] Specify path for system-supplied GSSAPI [default=yes]
|
||||
--with-randomdev=PATH Specify path for random device
|
||||
--with-locktype=ARG Specify mutex lock type (adaptive or standard)
|
||||
--with-libtool use GNU libtool
|
||||
|
|
@ -14025,6 +14026,140 @@ else
|
|||
fi
|
||||
|
||||
|
||||
# first try using krb5-config, if that does not work then fall back to "yes" method.
|
||||
|
||||
case "$use_gssapi" in
|
||||
*/krb5-config|krb5-config)
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: trying $use_gssapi" >&5
|
||||
$as_echo "trying $use_gssapi" >&6; }
|
||||
if test "$use_gssapi" = krb5-config
|
||||
then
|
||||
# Extract the first word of "$use_gssapi", so it can be a program name with args.
|
||||
set dummy $use_gssapi; ac_word=$2
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
|
||||
$as_echo_n "checking for $ac_word... " >&6; }
|
||||
if ${ac_cv_path_KRB5_CONFIG+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
case $KRB5_CONFIG in
|
||||
[\\/]* | ?:[\\/]*)
|
||||
ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path.
|
||||
;;
|
||||
*)
|
||||
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
|
||||
for as_dir in $PATH
|
||||
do
|
||||
IFS=$as_save_IFS
|
||||
test -z "$as_dir" && as_dir=.
|
||||
for ac_exec_ext in '' $ac_executable_extensions; do
|
||||
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
|
||||
ac_cv_path_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext"
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
|
||||
break 2
|
||||
fi
|
||||
done
|
||||
done
|
||||
IFS=$as_save_IFS
|
||||
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG
|
||||
if test -n "$KRB5_CONFIG"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5_CONFIG" >&5
|
||||
$as_echo "$KRB5_CONFIG" >&6; }
|
||||
else
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
fi
|
||||
|
||||
|
||||
else
|
||||
KRB5_CONFIG="$use_gssapi"
|
||||
fi
|
||||
gssapi_cflags=`$KRB5_CONFIG --cflags gssapi`
|
||||
gssapi_libs=`$KRB5_CONFIG --libs gssapi`
|
||||
saved_cppflags="$CPPFLAGS"
|
||||
CPPFLAGS="$gssapi_cflags $CPPFLAGS"
|
||||
for ac_header in gssapi.h gssapi/gssapi.h
|
||||
do :
|
||||
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
||||
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
|
||||
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
|
||||
_ACEOF
|
||||
ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: gssapi.h not found" >&5
|
||||
$as_echo "krb5-config: gssapi.h not found" >&6; }
|
||||
CPPFLAGS="$saved_cppflags"
|
||||
use_gssapi="yes"
|
||||
else
|
||||
for ac_header in krb5/krb5.h krb5.h
|
||||
do :
|
||||
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
||||
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
|
||||
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
|
||||
_ACEOF
|
||||
ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
if test "$ISC_PLATFORM_KRB5HEADER" = ""; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: krb5.h not found" >&5
|
||||
$as_echo "krb5-config: krb5.h not found" >&6; }
|
||||
CPPFLAGS="$saved_cppflags"
|
||||
use_gssapi="yes"
|
||||
else
|
||||
CPPFLAGS="$saved_cppflags"
|
||||
saved_libs="$LIBS"
|
||||
LIBS=$gssapi_libs
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config linking as $LIBS" >&5
|
||||
$as_echo_n "checking krb5-config linking as $LIBS... " >&6; }
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
gss_acquire_cred();krb5_init_context()
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
gssapi_linked=yes
|
||||
else
|
||||
gssapi_linked=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
case $gssapi_linked in
|
||||
yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: linked" >&5
|
||||
$as_echo "krb5-config: linked" >&6; };;
|
||||
no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: could not determine proper GSSAPI linkage" >&5
|
||||
$as_echo "krb5-config: could not determine proper GSSAPI linkage" >&6; }
|
||||
use_gssapi="yes"
|
||||
;;
|
||||
esac
|
||||
LIBS=$saved_libs
|
||||
fi
|
||||
fi
|
||||
if test "$use_gssapi" = "yes"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GSSAPI library, non krb5-config method" >&5
|
||||
$as_echo_n "checking for GSSAPI library, non krb5-config method... " >&6; }
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# gssapi is just the framework, we really require kerberos v5, so
|
||||
# look for those headers (the gssapi headers must be there, too)
|
||||
# The problem with this implementation is that it doesn't allow
|
||||
|
|
@ -14069,6 +14204,11 @@ $as_echo "disabled" >&6; }
|
|||
yes)
|
||||
as_fn_error $? "--with-gssapi must specify a path" "$LINENO" 5
|
||||
;;
|
||||
*/krb5-config|krb5-config)
|
||||
USE_GSSAPI='-DGSSAPI'
|
||||
DST_GSSAPI_INC="$gssapi_cflags"
|
||||
DNS_GSSAPI_LIBS="$gssapi_libs"
|
||||
;;
|
||||
*)
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: looking in $use_gssapi/lib" >&5
|
||||
$as_echo "looking in $use_gssapi/lib" >&6; }
|
||||
|
|
|
|||
57
configure.in
57
configure.in
|
|
@ -821,9 +821,59 @@ AC_SUBST(GEOIPLINKOBJS)
|
|||
|
||||
AC_MSG_CHECKING(for GSSAPI library)
|
||||
AC_ARG_WITH(gssapi,
|
||||
[ --with-gssapi=PATH Specify path for system-supplied GSSAPI [[default=yes]]],
|
||||
[ --with-gssapi=[[PATH|[/path/]krb5-config]] Specify path for system-supplied GSSAPI [[default=yes]]],
|
||||
use_gssapi="$withval", use_gssapi="yes")
|
||||
|
||||
# first try using krb5-config, if that does not work then fall back to "yes" method.
|
||||
|
||||
case "$use_gssapi" in
|
||||
*/krb5-config|krb5-config)
|
||||
AC_MSG_RESULT(trying $use_gssapi)
|
||||
if test "$use_gssapi" = krb5-config
|
||||
then
|
||||
AC_PATH_PROG(KRB5_CONFIG, $use_gssapi)
|
||||
else
|
||||
KRB5_CONFIG="$use_gssapi"
|
||||
fi
|
||||
gssapi_cflags=`$KRB5_CONFIG --cflags gssapi`
|
||||
gssapi_libs=`$KRB5_CONFIG --libs gssapi`
|
||||
saved_cppflags="$CPPFLAGS"
|
||||
CPPFLAGS="$gssapi_cflags $CPPFLAGS"
|
||||
AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h,
|
||||
[ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"])
|
||||
if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then
|
||||
AC_MSG_RESULT([krb5-config: gssapi.h not found])
|
||||
CPPFLAGS="$saved_cppflags"
|
||||
use_gssapi="yes"
|
||||
else
|
||||
AC_CHECK_HEADERS(krb5/krb5.h krb5.h,
|
||||
[ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"])
|
||||
if test "$ISC_PLATFORM_KRB5HEADER" = ""; then
|
||||
AC_MSG_RESULT([krb5-config: krb5.h not found])
|
||||
CPPFLAGS="$saved_cppflags"
|
||||
use_gssapi="yes"
|
||||
else
|
||||
CPPFLAGS="$saved_cppflags"
|
||||
saved_libs="$LIBS"
|
||||
LIBS=$gssapi_libs
|
||||
AC_MSG_CHECKING([krb5-config linking as $LIBS])
|
||||
AC_TRY_LINK( , [gss_acquire_cred();krb5_init_context()],
|
||||
gssapi_linked=yes, gssapi_linked=no)
|
||||
case $gssapi_linked in
|
||||
yes) AC_MSG_RESULT([krb5-config: linked]);;
|
||||
no) AC_MSG_RESULT([krb5-config: could not determine proper GSSAPI linkage])
|
||||
use_gssapi="yes"
|
||||
;;
|
||||
esac
|
||||
LIBS=$saved_libs
|
||||
fi
|
||||
fi
|
||||
if test "$use_gssapi" = "yes"; then
|
||||
AC_MSG_CHECKING([for GSSAPI library, non krb5-config method])
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# gssapi is just the framework, we really require kerberos v5, so
|
||||
# look for those headers (the gssapi headers must be there, too)
|
||||
# The problem with this implementation is that it doesn't allow
|
||||
|
|
@ -867,6 +917,11 @@ case "$use_gssapi" in
|
|||
yes)
|
||||
AC_MSG_ERROR([--with-gssapi must specify a path])
|
||||
;;
|
||||
*/krb5-config|krb5-config)
|
||||
USE_GSSAPI='-DGSSAPI'
|
||||
DST_GSSAPI_INC="$gssapi_cflags"
|
||||
DNS_GSSAPI_LIBS="$gssapi_libs"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT(looking in $use_gssapi/lib)
|
||||
USE_GSSAPI='-DGSSAPI'
|
||||
|
|
|
|||
Loading…
Reference in a new issue