forked from freeipa/freeipa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.m4
227 lines (189 loc) · 9.53 KB
/
server.m4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
dnl server dependencies
dnl ---------------------------------------------------------------------------
dnl - Check for DS slapi plugin
dnl ---------------------------------------------------------------------------
# 389-ds headers depend on NSPR
PKG_CHECK_MODULES([NSPR], [nspr])
# Need to hack CPPFLAGS to be able to correctly detect slapi-plugin.h
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS=$NSPR_CFLAGS
AC_CHECK_HEADER(dirsrv/slapi-plugin.h)
if test "x$ac_cv_header_dirsrv_slapi-plugin_h" = "xno" ; then
AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
fi
AC_CHECK_HEADER(dirsrv/repl-session-plugin.h)
if test "x$ac_cv_header_dirsrv_repl_session_plugin_h" = "xno" ; then
AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
fi
CPPFLAGS=$SAVE_CPPFLAGS
if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then
AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)])
fi
AC_CHECK_FUNC(timegm, [], [AC_MSG_ERROR([timegm not found])])
dnl -- dirsrv is needed for the extdom unit tests --
PKG_CHECK_MODULES([DIRSRV], [dirsrv >= 1.3.0])
# slapi-plugin.h includes nspr.h
DIRSRV_CFLAGS="$DIRSRV_CFLAGS $NSPR_CFLAGS"
bck_cflags="$CFLAGS"
CFLAGS="$CFLAGS $DIRSRV_CFLAGS"
AC_CHECK_DECL([SLAPI_OP_NOTE_MFA_AUTH], [
AC_DEFINE(USE_OP_NOTE_MFA_AUTH,1,
[Use LDAP operation note for multi-factor LDAP BIND])],
[], [[#include <dirsrv/slapi-plugin.h>]])
CFLAGS="$bck_cflags"
dnl -- sss_idmap is needed by the extdom exop --
PKG_CHECK_MODULES([SSSIDMAP], [sss_idmap])
PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap >= 1.15.2])
AC_CHECK_LIB([sss_nss_idmap],
[sss_nss_getlistbycert],
[ ],
[AC_MSG_ERROR([Required sss_nss_getlistbycert symbol in sss_nss_idmap not found])],
[])
dnl --- if sss_nss_idmap provides _timeout() API, use it
bck_cflags="$CFLAGS"
CFLAGS="$CFLAGS -DIPA_389DS_PLUGIN_HELPER_CALLS"
AC_CHECK_DECLS([sss_nss_getpwnam_timeout], [], [], [[#include <sss_nss_idmap.h>]])
CFLAGS="$bck_cflags"
if test "x$ac_cv_have_decl_sss_nss_getpwnam_timeout" = xyes ; then
AC_DEFINE(USE_SSS_NSS_TIMEOUT,1,[Use extended NSS API provided by SSSD])
fi
dnl --- if sss_nss_idmap provides sss_nss_getorigbyusername_timeout and
dnl --- sss_nss_getorigbygroupname_timeout , use it
bck_cflags="$CFLAGS"
CFLAGS="$CFLAGS -DIPA_389DS_PLUGIN_HELPER_CALLS"
AC_CHECK_DECLS([sss_nss_getorigbyusername_timeout, sss_nss_getorigbygroupname_timeout], [], [], [[#include <sss_nss_idmap.h>]])
CFLAGS="$bck_cflags"
dnl -- sss_certmap and certauth.h are needed by the IPA KDB certauth plugin --
PKG_CHECK_EXISTS([sss_certmap],
[PKG_CHECK_MODULES([SSSCERTMAP], [sss_certmap])],
[AC_MSG_NOTICE([sss_certmap not found])])
AC_CHECK_HEADER([krb5/certauth_plugin.h],
[have_certauth_plugin=yes],
[have_certauth_plugin=no])
dnl -- Check if we can build the kdcpolicy plugin
AC_CHECK_HEADER([krb5/kdcpolicy_plugin.h],
[have_kdcpolicy_plugin=yes],
[have_kdcpolicy_plugin=no])
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5 krad
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
AC_CHECK_LIB(krad, main, [ ], [AC_MSG_ERROR([libkrad not found])])
KRAD_LIBS="-lkrad"
krb5rundir="${runstatedir}/krb5kdc"
AC_SUBST(KRAD_LIBS)
AC_SUBST(krb5rundir)
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5 KDB API issue_pac support
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADER(kdb.h, [], [AC_MSG_ERROR([kdb.h not found])])
AC_CHECK_MEMBER([kdb_vftabl.issue_pac],
[have_kdb_issue_pac=yes],
[have_kdb_issue_pac=no], [#include <kdb.h>])
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5 krb5_kdc_sign_ticket function
dnl ---------------------------------------------------------------------------
AC_CHECK_LIB(krb5, krb5_pac_full_sign_compat,
[AC_DEFINE([HAVE_KRB5_PAC_FULL_SIGN_COMPAT], [1],
[krb5_pac_full_sign_compat() is available.])],
[AC_MSG_NOTICE([krb5_pac_full_sign_compat() is not available])])
dnl ---------------------------------------------------------------------------
dnl - Check for UUID library
dnl ---------------------------------------------------------------------------
PKG_CHECK_MODULES([UUID], [uuid])
dnl ---------------------------------------------------------------------------
dnl Check for ndr_krb5pac and other samba libraries
dnl ---------------------------------------------------------------------------
PKG_CHECK_MODULES([TALLOC], [talloc])
PKG_CHECK_MODULES([TEVENT], [tevent])
PKG_CHECK_MODULES([NDRPAC], [ndr_krb5pac])
PKG_CHECK_MODULES([NDRNBT], [ndr_nbt])
PKG_CHECK_MODULES([NDR], [ndr])
PKG_CHECK_MODULES([SAMBAUTIL], [samba-util])
SAMBA40EXTRA_LIBPATH="-L`$PKG_CONFIG --variable=libdir samba-util`/samba -Wl,-rpath=`$PKG_CONFIG --variable=libdir samba-util`/samba"
AC_SUBST(SAMBA40EXTRA_LIBPATH)
bck_cflags="$CFLAGS"
CFLAGS="$NDRPAC_CFLAGS"
AC_CHECK_MEMBER(
[struct PAC_DOMAIN_GROUP_MEMBERSHIP.domain_sid],
[AC_DEFINE([HAVE_STRUCT_PAC_DOMAIN_GROUP_MEMBERSHIP], [1],
[struct PAC_DOMAIN_GROUP_MEMBERSHIP is available.])],
[AC_MSG_NOTICE([struct PAC_DOMAIN_GROUP_MEMBERSHIP is not available])],
[[#include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
AC_CHECK_MEMBER(
[struct PAC_UPN_DNS_INFO.ex],
[AC_DEFINE([HAVE_PAC_UPN_DNS_INFO_EX], [1],
[union PAC_UPN_DNS_INFO_EX is available.])],
[AC_MSG_NOTICE([union PAC_UPN_DNS_INFO_EX is not available, account protection is not active])],
[[#include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
AC_CHECK_MEMBER(
[struct PAC_REQUESTER_SID.sid],
[AC_DEFINE([HAVE_PAC_REQUESTER_SID], [1],
[struct PAC_REQUESTER_SID is available.])],
[AC_MSG_NOTICE([struct PAC_REQUESTER_SID is not available, account protection is not active])],
[[#include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
AC_CHECK_MEMBER(
[struct PAC_ATTRIBUTES_INFO.flags],
[AC_DEFINE([HAVE_PAC_ATTRIBUTES_INFO], [1],
[struct PAC_ATTRIBUTES_INFO is available.])],
[AC_MSG_NOTICE([struct PAC_ATTRIBUTES_INFO is not available, account protection is not active])],
[[#include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
CFLAGS="$bck_cflags"
LIBPDB_NAME=""
AC_CHECK_LIB([samba-passdb],
[make_pdb_method],
[LIBPDB_NAME="samba-passdb"; HAVE_LIBPDB=1],
[LIBPDB_NAME="pdb"],
[$SAMBA40EXTRA_LIBPATH])
if test "x$LIB_PDB_NAME" = "xpdb" ; then
AC_CHECK_LIB([$LIBPDB_NAME],
[make_pdb_method],
[HAVE_LIBPDB=1],
[AC_MSG_ERROR([Neither libpdb nor libsamba-passdb does have make_pdb_method])],
[$SAMBA40EXTRA_LIBPATH])
fi
AC_SUBST(LIBPDB_NAME)
AC_CHECK_LIB([$LIBPDB_NAME],[pdb_enum_upn_suffixes],
[AC_DEFINE([HAVE_PDB_ENUM_UPN_SUFFIXES], [1], [Ability to enumerate UPN suffixes])],
[AC_MSG_WARN([libpdb does not have pdb_enum_upn_suffixes, no support for realm domains in ipasam])],
[$SAMBA40EXTRA_LIBPATH])
AC_CHECK_LIB([smbldap],[smbldap_get_ldap],
[AC_DEFINE([HAVE_SMBLDAP_GET_LDAP], [1], [struct smbldap_state is opaque])],
[AC_MSG_WARN([libsmbldap is not opaque, not using smbldap_get_ldap])],
[$SAMBA40EXTRA_LIBPATH])
AC_CHECK_LIB([smbldap],[smbldap_set_bind_callback],
[AC_DEFINE([HAVE_SMBLDAP_SET_BIND_CALLBACK], [1], [struct smbldap_state is opaque])],
[AC_MSG_WARN([libsmbldap is not opaque, not using smbldap_set_bind_callback])],
[$SAMBA40EXTRA_LIBPATH])
AC_CHECK_LIB([samba-security-private-samba],[dom_sid_string],
[SAMBA_SECURITY_LIBS=samba-security-private-samba],
[AC_CHECK_LIB([samba-security-samba4],[dom_sid_string],
[SAMBA_SECURITY_LIBS=samba-security-samba4],
[AC_MSG_ERROR([Cannot find private samba-security library])],
[$SAMBA40EXTRA_LIBPATH])],
[$SAMBA40EXTRA_LIBPATH])
AC_SUBST(SAMBA_SECURITY_LIBS)
dnl ---------------------------------------------------------------------------
dnl Check for libunistring
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADERS([unicase.h],,AC_MSG_ERROR([Could not find unicase.h]))
AC_CHECK_LIB([unistring],
[ulc_casecmp],
[UNISTRING_LIBS="-lunistring"],
[AC_MSG_ERROR([libunistring does not have ulc_casecmp])])
AC_SUBST(UNISTRING_LIBS)
dnl ---------------------------------------------------------------------------
dnl Check for libverto
dnl ---------------------------------------------------------------------------
PKG_CHECK_MODULES([LIBVERTO], [libverto])
dnl ---------------------------------------------------------------------------
dnl Check for unshare(2) - Linux-only. We also check for chroot(2) as we use both
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADER(sched.h, [
AC_CHECK_FUNC(unshare, [], [AC_MSG_WARN([unshare not found, no extdom unit tests to be run])])
AC_CHECK_FUNC(chroot, [], [AC_MSG_WARN([chroot not found, no extdom unit tests to be run])])
], [AC_MSG_WARN([sched.h not found, unshare is not available])])