configure.in


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321

AC_INIT(ldap-nss.c)
AC_CANONICAL_SYSTEM
AC_PREFIX_DEFAULT()

AM_INIT_AUTOMAKE(nss_ldap, 251)
AM_CONFIG_HEADER(config.h)

AC_PROG_CC
AC_PROG_CPP
AC_PROG_INSTALL

dnl
dnl --enable-rfc2307bis is now deprecated; if this option is set,
dnl then RFC2307bis support will be enabled by default. However
dnl it can now always be enabled at runtime with the nss_schema
dnl keyword. See nss_ldap(5) for more information.
dnl
AC_ARG_ENABLE(rfc2307bis, [  --enable-rfc2307bis       use RFC2307bis schema by default ], [AC_DEFINE(RFC2307BIS)])

dnl
dnl --enable-schema-mapping is no longer necessary as schema
dnl mapping is enabled by default
dnl
dnl AC_ARG_ENABLE(schema-mapping, [  --enable-schema-mapping   enable attribute/objectclass mapping ], [AC_DEFINE(AT_OC_MAP)])
dnl

AC_ARG_ENABLE(debugging, [  --enable-debugging        enable debug code ], [AC_DEFINE(DEBUG)])

dnl
dnl --enable-paged-results is now deprecated; if this option is set,
dnl then paged results will be enabled by default. However, it can
dnl now always be enabled at runtime (as long as the underlying LDAP
dnl library supports ldap_search_ext()) with the nss_paged_results
dnl keyword. See nss_ldap(5) for more information
dnl
AC_ARG_ENABLE(paged-results, [  --enable-paged-results    use paged results control by default ], [AC_DEFINE(PAGE_RESULTS)])

dnl
dnl XXX TODO make configurable-krb5-ccname-* configurable at runtime
dnl
AC_ARG_ENABLE(configurable-krb5-ccname-env, [  --enable-configurable-krb5-ccname-env   enable configurable Kerberos V credentials cache name (putenv method)], [AC_DEFINE(CONFIGURE_KRB5_CCNAME) AC_DEFINE(CONFIGURE_KRB5_CCNAME_ENV)])
AC_ARG_ENABLE(configurable-krb5-ccname-gssapi, [  --enable-configurable-krb5-ccname-gssapi   enable configurable Kerberos V credentials cache name (gssapi method)], [AC_DEFINE(CONFIGURE_KRB5_CCNAME) AC_DEFINE(CONFIGURE_KRB5_CCNAME_GSSAPI)])

AC_ARG_WITH(ldap-lib, [  --with-ldap-lib=type      select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]])
AC_ARG_WITH(ldap-dir, [  --with-ldap-dir=DIR       base directory of LDAP SDK])
AC_ARG_WITH(ldap-conf-file, [  --with-ldap-conf-file     path to LDAP configuration file],
	    [ NSS_LDAP_PATH_CONF="$with_ldap_conf_file" ],
	    [ NSS_LDAP_PATH_CONF="/etc/ldap.conf" ])
AC_ARG_WITH(ldap-secret-file, [  --with-ldap-secret-file   path to LDAP root secret file],
	    [ NSS_LDAP_PATH_ROOTPASSWD="$with_ldap_secret_file" ],
	    [ NSS_LDAP_PATH_ROOTPASSWD="/etc/ldap.secret" ])
AC_ARG_WITH(gssapi-dir, [  --with-gssapi-dir=DIR     base directory of gssapi SDK])
AC_ARG_WITH(ngroups, [  --with-ngroups=num        average group size hint, experts only], [AC_DEFINE_UNQUOTED(LDAP_NSS_NGROUPS, $with_ngroups)])

AC_DEFINE_UNQUOTED(NSS_LDAP_PATH_CONF, "$NSS_LDAP_PATH_CONF")
AC_DEFINE_UNQUOTED(NSS_LDAP_PATH_ROOTPASSWD, "$NSS_LDAP_PATH_ROOTPASSWD")
AC_SUBST(NSS_LDAP_PATH_CONF)
AC_SUBST(NSS_LDAP_PATH_ROOTPASSWD)

if test "$ac_cv_prog_gcc" = "yes"; then CFLAGS="$CFLAGS -Wall -fPIC"; fi

dnl This is needed for the native Solaris LDAP SDK and
dnl OpenLDAP 2.2, respectively
CPPFLAGS="$CPPFLAGS -DLDAP_REFERRALS -DLDAP_DEPRECATED"

case "$target_os" in
freebsd*) CPPFLAGS="$CPPFLAGS -DPIC -D_REENTRANT" ;;
aix*) CPPFLAGS="$CPPFLAGS -D_THREAD_SAFE" ;;
*) CPPFLAGS="$CPPFLAGS -D_REENTRANT" ;;
esac

# Always use native linker on Solaris and AIX
# but only invoke directly if compiling with gcc (?)

case "$target_os" in
aix*) if test "$ac_cv_prog_gcc" = "yes"; then
    nss_ldap_so_LD="/usr/bin/ld"
  fi
  LDFLAGS="$LDFLAGS -Wl,-brtl"
  nss_ldap_so_LDFLAGS="-bM:SRE -bnoentry -bE:\$(srcdir)/exports.aix -brtl -lc"
  NSS_LDAP_LDFLAGS="-bM:SRE -enss_ldap_initialize -brtl -lc"
  CPPFLAGS="$CPPFLAGS -I."
  need_pthread=yes
  TARGET_OS=AIX ;;
solaris*) if test "$ac_cv_prog_gcc" = yes; then
    nss_ldap_so_LD="/usr/ccs/bin/ld"
  fi
  nss_ldap_so_LDFLAGS="-Bdynamic -M \$(srcdir)/exports.solaris -G" ;;
hpux*) if test "$ac_cv_prog_gcc" = yes; then
    nss_ldap_so_LD="/bin/ld"
  fi
  nss_ldap_so_LDFLAGS="-b -dynamic -G `cat exports.hpux`"
  CPPFLAGS="$CPPFLAGS -I. -DHPUX"
  TARGET_OS=HPUX ;;
linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
esac

AM_CONDITIONAL(GLIBC, test "$target_os" = "linux" -o "$target_os" = "linux-gnu")
AM_CONDITIONAL(AIX, test "$TARGET_OS" = AIX)
AM_CONDITIONAL(HPUX, test "$TARGET_OS" = HPUX)

AM_CONDITIONAL(USE_NATIVE_LINKER, test -n "$nss_ldap_so_LD")

# unfortunately the linker flags have to be defined twice for
# AIX as we can't force using the native linker for configure
# tests, and the gcc front-end does not understand native
# linker flags.
if test -n "$with_ldap_dir"; then
  CPPFLAGS="$CPPFLAGS -I$with_ldap_dir/include"
  LDFLAGS="$LDFLAGS -L$with_ldap_dir/lib"
  case "$target_os" in 
  aix*) LDFLAGS="$LDFLAGS -Wl,-blibpath:$with_ldap_dir/lib"
    nss_ldap_so_LDFLAGS="$nss_ldap_so_LDFLAGS -L$with_ldap_dir/lib -blibpath:$with_ldap_dir/lib"
    NSS_LDAP_LDFLAGS="$NSS_LDAP_LDFLAGS -L$with_ldap_dir/lib -blibpath:$with_ldap_dir/lib" ;;
  hpux*) LDFLAGS="$LDFLAGS -Wl,+b$with_ldap_dir/lib"
    nss_ldap_so_LDFLAGS="$nss_ldap_so_LDFLAGS -L$with_ldap_dir/lib +b$with_ldap_dir/lib" ;;
  solaris*) LDFLAGS="$LDFLAGS -R$with_ldap_dir/lib" 
    nss_ldap_so_LDFLAGS="$nss_ldap_so_LDFLAGS -L$with_ldap_dir/lib -R$with_ldap_dir/lib" ;;
  *) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_ldap_dir/lib" ;;
  esac  
fi
if test -n "$with_gssapi_dir"; then
  CPPFLAGS="$CPPFLAGS -I$with_gssapi_dir/include"
  LDFLAGS="$LDFLAGS -L$with_gssapi_dir/lib"
fi

AC_SUBST(nss_ldap_so_LD)
AC_SUBST(nss_ldap_so_LDFLAGS)
AC_SUBST(NSS_LDAP_LDFLAGS)

AC_CHECK_HEADERS(lber.h)
AC_CHECK_HEADERS(ldap.h, , AC_MSG_ERROR(could not locate <ldap.h>))
AC_CHECK_HEADERS(ldap_ssl.h)

dnl AC_MSG_CHECKING(for ldap_ssl.h)
dnl AC_TRY_COMPILE([#include <sys/types.h>
dnl	#include <ldap.h>
dnl	#include <ldap_ssl.h>], ,
dnl	[
dnl		AC_MSG_RESULT(yes),
dnl		AC_DEFINE(HAVE_LDAP_SSL_H, 1)
dnl	],
dnl	AC_MSG_RESULT(no))

# For HP-UX and AIX we use private API, the headers for which
# are included locally. We need to do something to stop both
# API being detected.
case "$target_os" in
  aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;;
  hpux*) AC_CHECK_HEADERS(nsswitch.h) ;;
  *) AC_CHECK_HEADERS(nss.h)
     AC_CHECK_HEADERS(nsswitch.h)
     AC_CHECK_HEADERS(irs.h) ;;
esac
AC_CHECK_HEADERS(thread.h)
AC_CHECK_HEADERS(pthread.h)
AC_CHECK_HEADERS(synch.h)
AC_CHECK_HEADERS(malloc.h)
AC_CHECK_HEADERS(shadow.h)
AC_CHECK_HEADERS(prot.h)
AC_CHECK_HEADERS(port_before.h)
AC_CHECK_HEADERS(port_after.h)
AC_CHECK_HEADERS(aliases.h)
AC_CHECK_HEADERS(net/route.h)
AC_CHECK_HEADERS(netinet/if_ether.h)
AC_CHECK_HEADERS(netinet/ether.h)
AC_CHECK_HEADERS(ctype.h)
dnl AC_CHECK_HEADERS(db.h)
dnl AC_CHECK_HEADERS(db1/db.h)
dnl AC_CHECK_HEADERS(db_185.h)
dnl AC_CHECK_HEADERS(db3/db_185.h)
AC_CHECK_HEADERS(alignof.h)
AC_CHECK_HEADERS(rpc/rpcent.h)
AC_CHECK_HEADERS(sys/byteorder.h)
AC_CHECK_HEADERS(sys/un.h)
AC_CHECK_HEADERS(libc-lock.h)
AC_CHECK_HEADERS(bits/libc-lock.h)
AC_CHECK_HEADERS(sasl.h sasl/sasl.h)
AC_CHECK_HEADERS(strings.h)
AC_CHECK_HEADERS(gssldap.h)
AC_CHECK_HEADERS(gsssasl.h)
AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi.h)

AC_CHECK_LIB(resolv, main)
AC_CHECK_LIB(nsl, main)
AC_CHECK_LIB(socket, main)

AC_CHECK_FUNCS(strtok_r)
AC_CHECK_FUNCS(sigaction)
AC_CHECK_FUNCS(sigset)
AC_CHECK_FUNCS(res_search)
AC_CHECK_FUNCS(dn_expand)
AC_CHECK_FUNCS(snprintf)
AC_CHECK_FUNCS(gethostbyname)
AC_CHECK_FUNCS(nsdispatch)
AC_CHECK_FUNCS(pthread_atfork)
AC_CHECK_FUNCS(ether_aton)
AC_CHECK_FUNCS(ether_ntoa)

AC_MSG_CHECKING(for struct ether_addr)
AC_TRY_COMPILE([#include <sys/types.h>
	#include <sys/socket.h>
	#include <net/if.h>
	#include <netinet/in.h>
	#include <netinet/if_ether.h>],
	[struct ether_addr x;],
	[
		AC_MSG_RESULT(yes)
		AC_DEFINE(HAVE_STRUCT_ETHER_ADDR, 1)
	],
	AC_MSG_RESULT(no))

AC_MSG_CHECKING(for socklen_t)
AC_TRY_COMPILE([#include <sys/types.h>
	#include <sys/socket.h>],
	[socklen_t len;],
	[
		AC_MSG_RESULT(yes)
		AC_DEFINE(HAVE_SOCKLEN_T, 1)
	],
	AC_MSG_RESULT(no))

AC_MSG_CHECKING(for pw_change in struct passwd)
AC_TRY_COMPILE([#include <pwd.h>],
	[struct passwd pwd; time_t t = pwd.pw_change],
	[
		AC_MSG_RESULT(yes)
		AC_DEFINE(HAVE_PASSWD_PW_CHANGE, 1)
	],
	AC_MSG_RESULT(no))
AC_MSG_CHECKING(for pw_expire in struct passwd)
AC_TRY_COMPILE([#include <pwd.h>],
	[struct passwd pwd; time_t t = pwd.pw_expire],
	[
		AC_MSG_RESULT(yes)
		AC_DEFINE(HAVE_PASSWD_PW_EXPIRE, 1)
	],
	AC_MSG_RESULT(no))

dnl check which ldap library we have
dnl check which ldap library we have
if test -z "$with_ldap_lib"; then
  with_ldap_lib=auto
fi

AC_CHECK_LIB(dl, dlopen,[LIBS="-ldl $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(db, main,[LIBS="-ldb $LIBS"],,$LIBS)

AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS)
if test -z "$found_gssapi_lib"; then
  AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS)
fi

dnl Following checks probably not strictly necessary.
dnl AC_CHECK_LIB(crypto, main,[LIBS="-lcrypto $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(ssl, main,[LIBS="-lssl $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(com_err, main,[LIBS="-lcom_err $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS)
dnl AC_CHECK_LIB(sasl, sasl_client_init,[LIBS="-lsasl $LIBS"],,$LIBS)

if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
  AC_CHECK_LIB(lber, main)
  AC_CHECK_LIB(ldap, main, [LIBS="-lldap_r $LIBS" found_ldap_lib=yes],,$LIBS)
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then
AC_CHECK_LIB(ldap50, main, LIBS="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBS" found_ldap_lib=yes need_pthread=yes,, -lpthread)
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape4 \); then
  AC_CHECK_LIB(ldapssl41, main, LIBS="-lldapssl41 -lplc3 -lplds3 -lnspr3 $LIBS" found_ldap_lib=yes need_pthread=yes,, -lpthread)
  if test -z "$found_ldap_lib"; then
    AC_CHECK_LIB(ldapssl40, main, LIBS="-lldapssl40 $LIBS" found_ldap_lib=yes need_pthread=yes,, -lpthread)
  fi
  if test -z "$found_ldap_lib"; then
    AC_CHECK_LIB(ldap41, main, LIBS="-lldap41 $LIBS" found_ldap_lib=yes need_pthread=no,,)
  fi
  if test -z "$found_ldap_lib"; then
    AC_CHECK_LIB(ldap40, main, LIBS="-lldap40 $LIBS" found_ldap_lib=yes need_pthread=no,,)
  fi
fi
if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape3 \); then
  AC_CHECK_LIB(ldapssl30, main, LIBS="-lldapssl30 $LIBS" found_ldap_lib=yes need_pthread=yes,, -lpthread)
fi

if test -z "$found_ldap_lib"; then
  AC_MSG_ERROR(could not locate a valid LDAP library)
fi

if test "$need_pthread" = "yes"; then
  AC_CHECK_LIB(pthread, main)
fi

AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS)

AC_CHECK_FUNCS(sasl_auxprop_request)
AC_CHECK_FUNCS(ldap_init ldap_get_lderrno ldap_parse_result ldap_memfree ldap_controls_free)
AC_CHECK_FUNCS(ldap_ld_free ldap_explode_rdn ldap_set_option ldap_get_option)
AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s ldap_initialize ldap_search_ext)
AC_CHECK_FUNCS(ldap_create_control ldap_create_page_control ldap_parse_page_control)
if test "$enable_ssl" \!= "no"; then
  AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls)
fi
AC_CHECK_FUNCS(gethostbyname_r)

if test "$ac_cv_func_gethostbyname_r" = "yes"; then
AC_CACHE_CHECK(whether gethostbyname_r takes 6 arguments, nss_ldap_cv_gethostbyname_r_args, [
AC_TRY_COMPILE([
#include <netdb.h>], [gethostbyname_r(0, 0, 0, 0, 0, 0);], [nss_ldap_cv_gethostbyname_r_args=6], [nss_ldap_cv_gethostbyname_r_args=5]) ])
AC_DEFINE_UNQUOTED(GETHOSTBYNAME_R_ARGS, $nss_ldap_cv_gethostbyname_r_args)
fi

AC_CHECK_FUNCS(ldap_set_rebind_proc)
AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, nss_ldap_cv_ldap_set_rebind_proc, [
AC_TRY_COMPILE([
#include <lber.h>
#include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [nss_ldap_cv_ldap_set_rebind_proc=3], [nss_ldap_cv_ldap_set_rebind_proc=2]) ])
AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $nss_ldap_cv_ldap_set_rebind_proc)

AC_OUTPUT(Makefile)