AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_mech_krb5, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS)
fi
+ if test x"$ac_cv_func_ext_gss_get_name_attribute" != x"yes" ; then
+ if test x"$ac_cv_func_ext_gsskrb5_extract_authz_data_from_sec_context" != x"yes" -o \
+ if test x"$ac_cv_func_ext_gss_inquire_sec_context_by_oid" != x"yes"
+ then
+ AC_MSG_WARN(need either gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support)
+ use_ads=no
+ fi
+ fi
+
if test x"$use_ads" = x"yes"; then
AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support])
AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
if not conf.CONFIG_SET('HAVE_KRB5_DECODE_AP_REQ'):
Logs.warn("no KRB5_AP_REQ_DECODING_FUNCTION detected")
use_ads=False
+
+ # We don't actually use
+ # gsskrb5_extract_authz_data_from_sec_context, but it is a
+ # clue that this Heimdal, which does the PAC processing we
+ # need on the standard gss_inquire_sec_context_by_oid
+ if not conf.CONFIG_SET('HAVE_GSS_GET_NAME_ATTRIBUTE') and \
+ not (conf.CONFIG_SET('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT') and \
+ conf.CONFIG_SET('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID')):
+ Logs.warn("need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support")
+ use_ads=False
+
if use_ads:
conf.DEFINE('WITH_ADS', '1')
conf.DEFINE('HAVE_KRB5', '1')