mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 18:08:23 +00:00
Code Issues Releases Wiki Activity

Move LDAP library checks to m4/ldap.m4 and make more tests cacheable.

Browse Source
This commit is contained in:
Todd C. Miller 2022-12-05 16:52:34 -07:00
parent 00e22508a7
commit 12da6bd0ce
5 changed files with 252 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MANIFEST
View File

@ -426,6 +426,7 @@ m4/ax_func_getaddrinfo.m4
m4/ax_func_snprintf.m4 m4/ax_func_snprintf.m4
m4/ax_prog_cc_for_build.m4 m4/ax_prog_cc_for_build.m4
m4/hardening.m4 m4/hardening.m4
m4/ldap.m4
m4/libtool.m4 m4/libtool.m4
m4/ltoptions.m4 m4/ltoptions.m4
m4/ltsugar.m4 m4/ltsugar.m4

1
aclocal.m4 vendored
View File

@ -19,6 +19,7 @@ m4_include([m4/ax_func_getaddrinfo.m4])
m4_include([m4/ax_func_snprintf.m4]) m4_include([m4/ax_func_snprintf.m4])
m4_include([m4/ax_prog_cc_for_build.m4]) m4_include([m4/ax_prog_cc_for_build.m4])
m4_include([m4/hardening.m4]) m4_include([m4/hardening.m4])
m4_include([m4/ldap.m4])
m4_include([m4/libtool.m4]) m4_include([m4/libtool.m4])
m4_include([m4/ltoptions.m4]) m4_include([m4/ltoptions.m4])
m4_include([m4/ltsugar.m4]) m4_include([m4/ltsugar.m4])

67
configure vendored
View File

@ -30275,7 +30275,8 @@ fi
COMMON_OBJS="${COMMON_OBJS} event_select.lo" COMMON_OBJS="${COMMON_OBJS} event_select.lo"
fi fi
if test ${with_ldap-'no'} != "no"; then
if test ${with_ldap-'no'} != "no"; then
O_LDFLAGS="$LDFLAGS" O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then if test "$with_ldap" != "yes"; then
@ -30590,26 +30591,17 @@ fi
LDAP_LIBS="-lldap" LDAP_LIBS="-lldap"
fi fi
LIBS="${_LIBS} ${LDAP_LIBS}" LIBS="${_LIBS} ${LDAP_LIBS}"
#
# Check if we need to link with -llber for ber_set_option()
#
OLIBS="$LIBS" OLIBS="$LIBS"
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lber.h defines LBER_OPT_DEBUG_LEVEL" >&5 ac_fn_check_decl "$LINENO" "LBER_OPT_DEBUG_LEVEL" "ac_cv_have_decl_LBER_OPT_DEBUG_LEVEL" "$ac_includes_default
printf %s "checking whether lber.h defines LBER_OPT_DEBUG_LEVEL... " >&6; } #include <lber.h>
cat confdefs.h - <<_ACEOF >conftest.$ac_ext " "$ac_c_undeclared_builtin_options" "CFLAGS"
/* end confdefs.h. */ if test "x$ac_cv_have_decl_LBER_OPT_DEBUG_LEVEL" = xyes
#include <sys/types.h>
# include <lber.h>
int
main (void)
{
int opt=LBER_OPT_DEBUG_LEVEL;
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then : then :
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
printf "%s\n" "yes" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5
printf %s "checking for library containing ber_set_option... " >&6; } printf %s "checking for library containing ber_set_option... " >&6; }
if test ${ac_cv_search_ber_set_option+y} if test ${ac_cv_search_ber_set_option+y}
@ -30684,20 +30676,19 @@ fi
LDAP_LIBS="$LDAP_LIBS -llber" LDAP_LIBS="$LDAP_LIBS -llber"
fi fi
fi
LIBS="$OLIBS"
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed when including ldap.h" >&5
printf %s "checking whether lber.h is needed when including ldap.h... " >&6; }
if test ${sudo_cv_header_lber_h+y}
then :
printf %s "(cached) " >&6
else case e in #( else case e in #(
e) e)
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed" >&5
printf %s "checking whether lber.h is needed... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */ /* end confdefs.h. */
#include <sys/types.h> #include <sys/types.h>
# include <ldap.h> #include <ldap.h>
int int
main (void) main (void)
{ {
@ -30708,18 +30699,27 @@ main (void)
_ACEOF _ACEOF
if ac_fn_c_try_link "$LINENO" if ac_fn_c_try_link "$LINENO"
then : then :
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; } # No need to explicitly include lber.h when including ldap.h.
sudo_cv_header_lber_h=no
else case e in #( else case e in #(
e) e)
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 sudo_cv_header_lber_h=yes
printf "%s\n" "yes" >&6; }
printf "%s\n" "#define HAVE_LBER_H 1" >>confdefs.h
;; ;;
esac esac
fi fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \ rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext conftest$ac_exeext conftest.$ac_ext
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_header_lber_h" >&5
printf "%s\n" "$sudo_cv_header_lber_h" >&6; }
if test X"$sudo_cv_header_lber_h" = X"yes"; then
printf "%s\n" "#define HAVE_LBER_H 1" >>confdefs.h
fi
if test ${enable_sasl-'yes'} = "yes"; then if test ${enable_sasl-'yes'} = "yes"; then
found_sasl_h=no found_sasl_h=no
@ -31045,7 +31045,8 @@ printf "%s\n" "$as_me: WARNING: unable to locate gssapi.h, you will have to edit
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS" LIBS="$_LIBS"
LDFLAGS="$O_LDFLAGS" LDFLAGS="$O_LDFLAGS"
fi fi
# #
# How to do dynamic object loading. # How to do dynamic object loading.

124
configure.ac
View File

@ -4032,128 +4032,10 @@ else
fi fi
dnl dnl
dnl extra lib and .o file for LDAP support dnl If LDAP support is enabled, add sudo ldap objects to SUDOERS_OBJS
dnl and add LDAP libraries to SUDOERS_LDFLAGS SUDOERS_LIBS.
dnl dnl
if test ${with_ldap-'no'} != "no"; then SUDO_CHECK_LDAP
O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
if test -d "${with_ldap}/lib64"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib64])
LDFLAGS="$LDFLAGS -L${with_ldap}/lib64"
fi
AX_APPEND_FLAG([-I${with_ldap}/include], [CPPFLAGS])
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo ldap_conf.lo"
case "$SUDOERS_OBJS" in
*ldap_util.lo*) ;;
*) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";;
esac
LDAP=""
_LIBS="$LIBS"
LDAP_LIBS=""
IBMLDAP_EXTRA=""
found=no
# On HP-UX, libibmldap has a hidden dependency on libCsup
case "$host_os" in
hpux*) AC_CHECK_LIB([Csup], [main], [IBMLDAP_EXTRA=" -lCsup"]);;
esac
AC_SEARCH_LIBS([ldap_init], ["ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}]", [
test "${ac_cv_search_ldap_init}" != "none required" && LDAP_LIBS="${ac_cv_search_ldap_init}"
found=yes
])
# If nothing linked, try -lldap and hope for the best
if test "$found" = "no"; then
LDAP_LIBS="-lldap"
fi
LIBS="${_LIBS} ${LDAP_LIBS}"
dnl check if we need to link with -llber for ber_set_option
OLIBS="$LIBS"
AC_MSG_CHECKING([whether lber.h defines LBER_OPT_DEBUG_LEVEL])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
# include <lber.h>]], [[int opt=LBER_OPT_DEBUG_LEVEL;]])], [
AC_MSG_RESULT([yes])
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
LDAP_LIBS="$LDAP_LIBS -llber"
fi
], [
AC_MSG_RESULT([no])
])
dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
# include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
if test ${enable_sasl-'yes'} = "yes"; then
found_sasl_h=no
AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
found_sasl_h=yes
AC_CHECK_FUNCS([ldap_sasl_interactive_bind_s])
break
])
if test X${enable_sasl} = X"yes"; then
if test X"$found_sasl_h" != X"yes"; then
AC_MSG_ERROR([--enable-sasl specified but unable to locate SASL development headers.])
fi
if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then :
AC_MSG_ERROR([--enable-sasl specified but SASL support is missing in your LDAP library])
fi
fi
fi
AC_CHECK_HEADERS([ldapssl.h] [ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS([ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np])
AC_CHECK_FUNCS([ldap_search_ext_s ldap_search_st], [break])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
AC_CHECK_LIB([gssapi], [gss_krb5_ccache_name], [
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
LDAP_LIBS="${LDAP_LIBS} -lgssapi"
], [
AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, [
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"
])
])
# gssapi headers may be separate or part of Kerberos V
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
# Use AC_PREPROC_IFELSE to check existence to avoid caching
# since we test with multiple values of CPPFLAGS
AC_PREPROC_IFELSE([
AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])
], [
AC_CHECK_HEADERS([gssapi/gssapi.h])
break
], [
AC_PREPROC_IFELSE([
AC_LANG_PROGRAM([[#include <gssapi.h>]])
], [
AC_CHECK_HEADERS([gssapi.h])
break
])
])
done
if test X"$ac_cv_header_gssapi_gssapi_h" != X"no"; then
AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
elif test X"$ac_cv_header_gssapi_h" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
fi
fi
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$O_LDFLAGS"
fi
# #
# How to do dynamic object loading. # How to do dynamic object loading.

128
m4/ldap.m4 Normal file
View File

@ -0,0 +1,128 @@
AC_DEFUN([SUDO_CHECK_LDAP], [
if test ${with_ldap-'no'} != "no"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
if test -d "${with_ldap}/lib64"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib64])
LDFLAGS="$LDFLAGS -L${with_ldap}/lib64"
fi
AX_APPEND_FLAG([-I${with_ldap}/include], [CPPFLAGS])
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo ldap_conf.lo"
case "$SUDOERS_OBJS" in
*ldap_util.lo*) ;;
*) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";;
esac
LDAP=""
_LIBS="$LIBS"
LDAP_LIBS=""
IBMLDAP_EXTRA=""
found=no
# On HP-UX, libibmldap has a hidden dependency on libCsup
case "$host_os" in
hpux*) AC_CHECK_LIB([Csup], [main], [IBMLDAP_EXTRA=" -lCsup"]);;
esac
AC_SEARCH_LIBS([ldap_init], ["ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}]", [
test "${ac_cv_search_ldap_init}" != "none required" && LDAP_LIBS="${ac_cv_search_ldap_init}"
found=yes
])
# If nothing linked, try -lldap and hope for the best
if test "$found" = "no"; then
LDAP_LIBS="-lldap"
fi
LIBS="${_LIBS} ${LDAP_LIBS}"
#
# Check if we need to link with -llber for ber_set_option()
#
OLIBS="$LIBS"
AC_CHECK_DECL([LBER_OPT_DEBUG_LEVEL], [
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
LDAP_LIBS="$LDAP_LIBS -llber"
fi
], [], [AC_INCLUDES_DEFAULT
#include <lber.h>])
LIBS="$OLIBS"
AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [
# No need to explicitly include lber.h when including ldap.h.
sudo_cv_header_lber_h=no
], [
sudo_cv_header_lber_h=yes
])
])
if test X"$sudo_cv_header_lber_h" = X"yes"; then
AC_DEFINE(HAVE_LBER_H)
fi
if test ${enable_sasl-'yes'} = "yes"; then
found_sasl_h=no
AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
found_sasl_h=yes
AC_CHECK_FUNCS([ldap_sasl_interactive_bind_s])
break
])
if test X${enable_sasl} = X"yes"; then
if test X"$found_sasl_h" != X"yes"; then
AC_MSG_ERROR([--enable-sasl specified but unable to locate SASL development headers.])
fi
if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then :
AC_MSG_ERROR([--enable-sasl specified but SASL support is missing in your LDAP library])
fi
fi
fi
AC_CHECK_HEADERS([ldapssl.h] [ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS([ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np])
AC_CHECK_FUNCS([ldap_search_ext_s ldap_search_st], [break])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
AC_CHECK_LIB([gssapi], [gss_krb5_ccache_name], [
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
LDAP_LIBS="${LDAP_LIBS} -lgssapi"
], [
AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, [
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"
])
])
# gssapi headers may be separate or part of Kerberos V
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
# Use AC_PREPROC_IFELSE to check existence to avoid caching
# since we test with multiple values of CPPFLAGS
AC_PREPROC_IFELSE([
AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])
], [
AC_CHECK_HEADERS([gssapi/gssapi.h])
break
], [
AC_PREPROC_IFELSE([
AC_LANG_PROGRAM([[#include <gssapi.h>]])
], [
AC_CHECK_HEADERS([gssapi.h])
break
])
])
done
if test X"$ac_cv_header_gssapi_gssapi_h" != X"no"; then
AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
elif test X"$ac_cv_header_gssapi_h" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
fi
fi
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$O_LDFLAGS"
fi
])