Index: head/net/freeradius3/Makefile =================================================================== --- head/net/freeradius3/Makefile (revision 342482) +++ head/net/freeradius3/Makefile (revision 342483) @@ -1,429 +1,430 @@ # Created by: Ryan Steinmetz # $FreeBSD$ PORTNAME= freeradius DISTVERSION= 3.0.1 +PORTREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/%SUBDIR%/ \ http://mirrors.rit.edu/zi/ MASTER_SITE_SUBDIR= . old PKGNAMESUFFIX= 3 DISTNAME= freeradius-server-${DISTVERSION} MAINTAINER= zi@FreeBSD.org COMMENT= A free RADIUS server implementation LICENSE= GPLv2 LIB_DEPENDS= gdbm:${PORTSDIR}/databases/gdbm \ talloc:${PORTSDIR}/devel/talloc LOGDIR?= /var/log KRB5_CONFIG?= /usr/bin/krb5-config --libs CONFLICTS= gnu-radius-[0-9].* openradius-[0-9].* radiusd-cistron-[0-9].* \ freeradius-mysql-[0-9].* freeradius-[0124-9].* USE_RC_SUBR= radiusd USES= gmake GNU_CONFIGURE= yes USE_BZIP2= yes USE_OPENSSL= yes MAKE_ARGS+= LDFLAGS="-L${LOCALBASE}/lib ${PTHREAD_LIBS}" CFLAGS+= -I${LOCALBASE}/include -L${LOCALBASE}/lib MAKE_JOBS_SAFE= yes PLIST_SUB= PORTVERSION=${DISTVERSION} LIBVER=0${PORTVERSION:C/\./0/g} OPTIONS_DEFINE= USER KERBEROS HEIMDAL HEIMDAL_PORT LDAP MYSQL \ PGSQL UNIXODBC FIREBIRD REDIS PYTHON RUBY \ EXPERIMENTAL UDPFROMTO DEVELOPER EDIR PERL REST \ FREETDS IDN SSL_PORT OPTIONS_DEFAULT=USER PERL USER_DESC= Run as user freeradius, group freeradius HEIMDAL_DESC= With Heimdal Kerberos support HEIMDAL_PORT_DESC= With Heimdal Kerberos from ports UNIXODBC_DESC= With unixODBC database support FIREBIRD_DESC= With Firebird database support (EXPERIMENTAL) EXPERIMENTAL_DESC= Build experimental modules UDPFROMTO_DESC= Compile in UDPFROMTO support DEVELOPER_DESC= Enable developer options EDIR_DESC= Enable eDirectory support (implies LDAP) REST_DESC= Enable RESTful API support SSL_PORT_DESC= Use OpenSSL from the ports collection NO_STAGE= yes .include # Default requirements for rc script _REQUIRE= NETWORKING SERVERS .if ${PORT_OPTIONS:MUSER} SUB_LIST+= RUN_AS_USER="yes" .else SUB_LIST+= RUN_AS_USER="no" .endif # User and group to use if USER option is chosen RADIUS_USER= freeradius RADIUS_GROUP= freeradius USERS= ${RADIUS_USER} GROUPS= ${RADIUS_GROUP} .if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MKERBEROS) ${UNIQUENAME}_SET+= KERBEROS .endif .if ${PORT_OPTIONS:MKERBEROS} .if ${PORT_OPTIONS:MHEIMDAL} .if ${PORT_OPTIONS:MHEIMDAL_PORT} LIB_DEPENDS+= krb5:${PORTSDIR}/security/heimdal .endif CONFIGURE_ARGS+=--enable-heimdal-krb5 .else LIB_DEPENDS+= krb5:${PORTSDIR}/security/krb5 .endif CONFIGURE_ARGS+=--with-rlm_krb5 .if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=/usr/lib CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=/usr/include CONFIGURE_ENV+= KRB5LIBS="$$(${KRB5_CONFIG})" .else CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=${LOCALBASE}/lib CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=${LOCALBASE}/include .endif PLIST_SUB+= KRB5="" .else CONFIGURE_ARGS+=--without-rlm_krb5 PLIST_SUB+= KRB5="@comment " .endif .if ${PORT_OPTIONS:MEDIR} CONFIGURE_ARGS+=--with-edir .if empty(PORT_OPTIONS:MLDAP) PORT_OPTIONS+= LDAP .endif .else CONFIGURE_ARGS+=--without-edir .endif .if ${PORT_OPTIONS:MLDAP} USE_OPENLDAP= YES CONFIGURE_ARGS+=--with-rlm_ldap PLIST_SUB+= LDAP="" _REQUIRE+= slapd .else CONFIGURE_ARGS+=--without-rlm_ldap PLIST_SUB+= LDAP="@comment " .endif .if ${PORT_OPTIONS:MMYSQL} USE_MYSQL= YES CONFIGURE_ARGS+=--with-rlm_sql_mysql PLIST_SUB+= MYSQL="" _REQUIRE+= mysql .else CONFIGURE_ARGS+=--without-rlm_sql_mysql PLIST_SUB+= MYSQL="@comment " .endif .if ${PORT_OPTIONS:MPGSQL} USE_PGSQL= YES CONFIGURE_ARGS+=--with-rlm_sql_postgresql PLIST_SUB+= PGSQL="" _REQUIRE+= postgresql .else CONFIGURE_ARGS+=--without-rlm_sql_postgresql PLIST_SUB+= PGSQL="@comment " .endif .if ${PORT_OPTIONS:MUNIXODBC} CONFIGURE_ARGS+=--with-rlm_sql_unixodbc PLIST_SUB+= UNIXODBC="" LIB_DEPENDS+= odbc:${PORTSDIR}/databases/unixODBC .else CONFIGURE_ARGS+=--without-rlm_sql_unixodbc PLIST_SUB+= UNIXODBC="@comment " .endif .if ${PORT_OPTIONS:MFIREBIRD} USE_FIREBIRD= YES CONFIGURE_ARGS+=--with-rlm_sql_firebird PLIST_SUB+= FIREBIRD="" .else CONFIGURE_ARGS+=--without-rlm_sql_firebird PLIST_SUB+= FIREBIRD="@comment " .endif # Firebird module is still experimental .if ${PORT_OPTIONS:MFIREBIRD} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif .if ${PORT_OPTIONS:MPERL} USES+= perl5 CONFIGURE_ARGS+=--with-rlm_perl PLIST_SUB+= RLMPERL="" .else CONFIGURE_ARGS+=--without-perl --without-rlm_perl PLIST_SUB+= RLMPERL="@comment " .endif .if ${PORT_OPTIONS:MPYTHON} USE_PYTHON= yes CONFIGURE_ARGS+=--with-rlm_python \ --with-rlm-python-lib-dir=${PYTHON_LIBDIR} \ --with-rlm-python-include-dir=${PYTHON_INCLUDEDIR} PLIST_SUB+= RLMPYTHON="" .else CONFIGURE_ARGS+=--without-rlm_python PLIST_SUB+= RLMPYTHON="@comment " .endif .if ${PORT_OPTIONS:MRUBY} USE_RUBY= yes CONFIGURE_ARGS+=--with-rlm_ruby PLIST_SUB+= RLMRUBY="" .else CONFIGURE_ARGS+=--without-rlm_ruby --with-ruby=no PLIST_SUB+= RLMRUBY="@comment " .endif # rlm_ruby module is still experimental .if ${PORT_OPTIONS:MRUBY} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif # No SMB option yet; rlm_smb is still unbuildable .if ${PORT_OPTIONS:MSMB} LIB_DEPENDS= smbclient:${PORTSDIR}/net/samba-libsmbclient CONFIGURE_ARGS+=--with-rlm_smb CONFIGURE_ARGS+=--with-rlm-smb-lib-dir=${LOCALBASE}/lib CONFIGURE_ARGS+=--with-rlm-smb-include-dir=${LOCALBASE}/include PLIST_SUB+= SMB="" .else CONFIGURE_ARGS+=--without-rlm_smb PLIST_SUB+= SMB="@comment " .endif # SMB module is still experimental .if ${PORT_OPTIONS:MSMB} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif .if ${PORT_OPTIONS:MREDIS} LIB_DEPENDS+= hiredis:${PORTSDIR}/databases/hiredis CONFIGURE_ARGS+=--with-rlm_redis --with-rlm_rediswho PLIST_SUB+= RLMREDIS="" .else CONFIGURE_ARGS+=--without-rlm_redis --without-rlm_rediswho PLIST_SUB+= RLMREDIS="@comment " .endif # redis module is still experimental .if ${PORT_OPTIONS:MREDIS} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif .if ${PORT_OPTIONS:MREST} IGNORE= requires devel/json-c to be updated to 0.11 to build with RESTful support LIB_DEPENDS+= json:${PORTSDIR}/devel/json-c \ curl:${PORTSDIR}/ftp/curl CONFIGURE_ARGS+=--with-rlm_rest \ --with-libcurl=${LOCALBASE} \ --with-jsonc-lib-dir=${LOCALBASE}/lib \ --with-jsonc-include-dir=${LOCALBASE}/include PLIST_SUB+= RLMREST="" .else CONFIGURE_ARGS+=--without-rlm_rest PLIST_SUB+= RLMREST="@comment " .endif # rest module is still experimental .if ${PORT_OPTIONS:MREST} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif .if ${PORT_OPTIONS:MFREETDS} LIB_DEPENDS+= tds:${PORTSDIR}/databases/freetds CONFIGURE_ARGS+=--with-rlm_freetds PLIST_SUB+= RLMFREETDS="" .else CONFIGURE_ARGS+=--without-rlm_freetds PLIST_SUB+= RLMFREETDS="@comment " .endif # freetds module is still experimental .if ${PORT_OPTIONS:MFREETDS} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif .if ${PORT_OPTIONS:MIDN} LIB_DEPENDS+= idn:${PORTSDIR}/dns/libidn CONFIGURE_ARGS+=--with-rlm_idn PLIST_SUB+= RLMIDN="" .else CONFIGURE_ARGS+=--without-rlm_idn PLIST_SUB+= RLMIDN="@comment " .endif # freetds module is still experimental .if ${PORT_OPTIONS:MIDN} && empty(PORT_OPTIONS:MEXPERIMENTAL) EXPM= yes .endif .if ${PORT_OPTIONS:MEXPERIMENTAL} || defined(EXPM) CONFIGURE_ARGS+=--with-experimental-modules PLIST_SUB+= EXPM="" .else CONFIGURE_ARGS+=--without-experimental-modules PLIST_SUB+= EXPM="@comment " .endif .if ${PORT_OPTIONS:MDEVELOPER} CONFIGURE_ARGS+=--enable-developer # Turn off compiler optimisations CFLAGS!= ${ECHO} ${CFLAGS} | ${SED} -Ee 's:-O[0-9]?[[:space:]]*::g' .else CONFIGURE_ARGS+=--quiet .endif # Compile in UDPFROMTO support .if ${PORT_OPTIONS:MUDPFROMTO} CONFIGURE_ARGS+=--with-udpfromto .endif .if ${PORT_OPTIONS:MSSL_PORT} WITH_OPENSSL_PORT=yes .endif .include # if we're installing, place sample configs into ${EXAMPLESDIR} .if make(install) MAKE_ENV+= raddbdir="${EXAMPLESDIR}/raddb" .endif .if ${ARCH} == "sparc64" && ${OSVERSION} < 700000 BROKEN= Does not build on sparc64-6 .endif FREERADIUS_LIBDIR= lib/freeradius-${PORTVERSION} PLIST_SUB+= LIBDIR="${FREERADIUS_LIBDIR}" USE_LDCONFIG= ${PREFIX}/${FREERADIUS_LIBDIR} .if empty(PORT_OPTIONS:MDOCS) CONFIGURE_ARGS+=--without-docdir PLIST_SUB+= PORTDOCS="@comment " SUB_LIST+= PORTDOCS="@comment " .else CONFIGURE_ARGS+=--with-docdir=${DOCSDIR} PLIST_SUB+= PORTDOCS="" SUB_LIST+= PORTDOCS="" .endif # This conditionality avoids -L/usr/lib in the radiusd build step when # building with base system OpenSSL .if ${OPENSSLLIB} != "/usr/lib" CONFIGURE_ARGS+=--with-openssl-libraries=${OPENSSLLIB} .endif CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \ --with-openssl-includes=${OPENSSLINC} \ --prefix=${PREFIX} --libdir=${PREFIX}/${FREERADIUS_LIBDIR} \ --localstatedir=/var \ --without-rlm_eap_ikev2 \ --without-rlm_eap_tnc \ --without-rlm_eap2 \ --without-rlm_opendirectory \ --without-rlm_sql_db2 \ --without-rlm_sql_iodbc \ --without-rlm_sql_sqlite \ --without-rlm_sql_sybase \ --without-rlm_yubikey \ --without-rlm_sql_oracle \ --without-rlm_securid \ --with-vmps .if ${ARCH} == amd64 CONFIGURE_ARGS+=--with-pic .endif SUB_LIST+= RADIUS_USER="${RADIUS_USER}" \ RADIUS_GROUP="${RADIUS_GROUP}" \ RADDB_WORK="${WRKSRC}/raddb" \ RADDB="${PREFIX}/etc/raddb" \ LOGDIR="${LOGDIR}" \ LIBDIR="${PREFIX}/${FREERADIUS_LIBDIR}" SUB_FILES+= pkg-install pkg-message MAN1= radclient.1 radeapclient.1 radlast.1 radtest.1 radwho.1 \ radzap.1 smbencrypt.1 MAN5= clients.conf.5 dictionary.5 radiusd.conf.5 radrelay.conf.5 \ rlm_always.5 rlm_attr_filter.5 rlm_chap.5 rlm_counter.5 \ rlm_detail.5 rlm_digest.5 rlm_expr.5 rlm_files.5 rlm_mschap.5 \ rlm_pap.5 rlm_passwd.5 rlm_realm.5 rlm_sql.5 \ rlm_unix.5 unlang.5 users.5 checkrad.5 rlm_idn.5 MAN8= radiusd.8 radmin.8 raddebug.8 radrelay.8 radsqlrelay.8 \ rlm_ippool_tool.8 radconf2xml.8 radcrypt.8 radsniff.8 SUB_LIST+= REQUIRE="${_REQUIRE}" post-patch: @${REINPLACE_CMD} -Ee "s:tests/all.mk ::" ${WRKSRC}/src/all.mk @${CP} ${WRKSRC}/m4/ax_with_prog.m4 ${WRKSRC} @${REINPLACE_CMD} -Ee "s:^make:${GMAKE}:" \ ${WRKSRC}/raddb/certs/bootstrap # Patch raddb/certs/Makefile for the full path to the openssl binary (using # ports OpenSSL if installed) @${REINPLACE_CMD} -E \ -e "s:^([[:space:]])+openssl:\1${OPENSSLBASE}/bin/openssl:g" \ ${WRKSRC}/raddb/certs/Makefile @${REINPLACE_CMD} -Ee 's: ..R...sbindir./rc.radiusd : :' \ ${WRKSRC}/scripts/all.mk # Clean up after the last two operations (so as not to get unwanted files in # raddb) @${FIND} -E ${WRKSRC}/raddb/certs \ -regex '.*/(bootstrap|Makefile)\.(orig|bak)$$' \ -delete # If we're using Heimdal from base, alter the LIBS variable .if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) @${REINPLACE_CMD} -e 's|LIBS|KRB5LIBS|g' ${WRKSRC}/src/modules/rlm_krb5/configure @${REINPLACE_CMD} -e 's|-lkrb5|$$(${KRB5_CONFIG})|g' \ ${WRKSRC}/src/modules/rlm_krb5/configure .endif .if empty(PORT_OPTIONS:MRUBY) @${RM} -fr ${WRKSRC}/src/modules/rlm_ruby/ .endif pre-configure: # Replace -pthread with ${PTHREAD_LIBS} in configure(.in) files @${FIND} -E ${WRKSRC} -regex '.*/configure(\.in)?$$' -exec \ ${REINPLACE_CMD} -e "s:-pthread:${PTHREAD_LIBS}:g" {} \; pre-install: @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} \ PRE-INSTALL post-install: # If ${PREFIX}/etc/raddb isn't a directory (or a symlink), make a copy # of ${EXAMPLESDIR}/raddb as ${PREFIX}/etc/raddb, then bootstrap the # certificates @if ! [ -d ${PREFIX}/etc/raddb -o -L ${PREFIX}/etc/raddb ]; then \ ${CP} -RP ${EXAMPLESDIR}/raddb ${PREFIX}/etc/raddb; \ ${ECHO_MSG} '===> Bootstrapping default certificates, please wait...'; \ ${PREFIX}/etc/raddb/certs/bootstrap >/dev/null 2>&1; \ fi # Set ${PREFIX}/etc/raddb and all the files and folders in it to g-w,o-rwx # (FreeRADIUS will probably complain if this is not done) @${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} \ POST-INSTALL @${CAT} ${PKGMESSAGE} .include Index: head/net/freeradius3/files/patch-rlm_krb5 =================================================================== --- head/net/freeradius3/files/patch-rlm_krb5 (nonexistent) +++ head/net/freeradius3/files/patch-rlm_krb5 (revision 342483) @@ -0,0 +1,894 @@ +--- ./src/modules/rlm_krb5/configure.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/configure 2014-02-03 14:45:22.000000000 -0500 +@@ -1468,6 +1468,73 @@ + + } # ac_fn_c_try_link + ++# ac_fn_c_check_func LINENO FUNC VAR ++# ---------------------------------- ++# Tests whether FUNC exists, setting the cache variable VAR accordingly ++ac_fn_c_check_func () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 ++$as_echo_n "checking for $2... " >&6; } ++if eval \${$3+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++/* Define $2 to an innocuous variant, in case declares $2. ++ For example, HP-UX 11i declares gettimeofday. */ ++#define $2 innocuous_$2 ++ ++/* System header to define __stub macros and hopefully few prototypes, ++ which can conflict with char $2 (); below. ++ Prefer to if __STDC__ is defined, since ++ exists even on freestanding compilers. */ ++ ++#ifdef __STDC__ ++# include ++#else ++# include ++#endif ++ ++#undef $2 ++ ++/* Override any GCC internal prototype to avoid an error. ++ Use char because int might match the return type of a GCC ++ builtin and then its argument prototype would still apply. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++char $2 (); ++/* The GNU C library defines this for functions which it implements ++ to always fail with ENOSYS. Some functions are actually named ++ something starting with __ and the normal name is an alias. */ ++#if defined __stub_$2 || defined __stub___$2 ++choke me ++#endif ++ ++int ++main () ++{ ++return $2 (); ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO"; then : ++ eval "$3=yes" ++else ++ eval "$3=no" ++fi ++rm -f core conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++fi ++eval ac_res=\$$3 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ ++} # ac_fn_c_check_func ++ + # ac_fn_c_try_run LINENO + # ---------------------- + # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +@@ -2856,10 +2923,10 @@ + if test "$krb5_config" != 'not-found'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5 + $as_echo_n "checking krb5-config CFLAGS... " >&6; } +- SMART_CFLAGS=$($krb5_config --cflags) +- SMART_CFLAGS=$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g') +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_CFLAGS}" >&5 +-$as_echo "${SMART_CFLAGS}" >&6; } ++ SMART_CPPFLAGS=$($krb5_config --cflags) ++ SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g') ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5 ++$as_echo "\"$SMART_CPPFLAGS\"" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5 + $as_echo_n "checking krb5-config LDFLAGS... " >&6; } +@@ -2900,7 +2967,7 @@ + + + ac_safe=`echo "krb5.h" | sed 'y%./+-%__pm%'` +-old_CFLAGS="$CFLAGS" ++old_CPPFLAGS="$CPPFLAGS" + smart_include= + smart_include_dir= + +@@ -2908,7 +2975,7 @@ + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5 + $as_echo_n "checking for krb5.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -2937,7 +3004,7 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" = "x"; then +@@ -3003,7 +3070,7 @@ + for try in $smart_include_dir /usr/local/include /opt/include; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5 + $as_echo_n "checking for krb5.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -3032,13 +3099,13 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" != "x"; then + eval "ac_cv_header_$ac_safe=yes" +- CFLAGS="$old_CFLAGS $smart_include" +- SMART_CFLAGS="$SMART_CFLAGS $smart_include" ++ CPPFLAGS="$smart_include $old_CPPFLAGS" ++ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" + fi + + if test "$ac_cv_header_krb5_h" != "yes"; then +@@ -3053,14 +3120,17 @@ + sm_func_safe=`echo "krb5_encrypt_data" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5 + $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; } +- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lk5crypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_encrypt_data(); +@@ -3074,7 +3144,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try" ++ smart_lib="-lk5crypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3087,6 +3158,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3178,7 +3250,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5 + $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; } +- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lk5crypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_encrypt_data(); +@@ -3192,7 +3265,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try" ++ smart_lib="-lk5crypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3205,12 +3279,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then +@@ -3224,14 +3299,17 @@ + sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 + $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } +- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcrypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char DH_new(); +@@ -3245,7 +3323,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcrypto -Wl,-rpath,$try" ++ smart_lib="-lcrypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3258,6 +3337,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3349,7 +3429,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 + $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } +- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcrypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char DH_new(); +@@ -3363,7 +3444,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcrypto -Wl,-rpath,$try" ++ smart_lib="-lcrypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3376,12 +3458,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_crypto_DH_new" = xyes; then +@@ -3400,14 +3483,17 @@ + sm_func_safe=`echo "set_com_err_hook" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5 + $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; } +- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcom_err $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char set_com_err_hook(); +@@ -3421,7 +3507,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcom_err -Wl,-rpath,$try" ++ smart_lib="-lcom_err" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3434,6 +3521,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3525,7 +3613,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5 + $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; } +- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcom_err $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char set_com_err_hook(); +@@ -3539,7 +3628,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcom_err -Wl,-rpath,$try" ++ smart_lib="-lcom_err" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3552,12 +3642,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then +@@ -3571,14 +3662,17 @@ + sm_func_safe=`echo "krb5_verify_user_opt" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_verify_user_opt(); +@@ -3592,7 +3686,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3605,6 +3700,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3696,7 +3792,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_verify_user_opt(); +@@ -3710,7 +3807,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3723,12 +3821,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then +@@ -3742,14 +3841,17 @@ + sm_func_safe=`echo "krb5_get_init_creds_password" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_get_init_creds_password(); +@@ -3763,7 +3865,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3776,6 +3879,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3867,7 +3971,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_get_init_creds_password(); +@@ -3881,7 +3986,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3894,12 +4000,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then +@@ -3910,7 +4017,29 @@ + fi + + LDFLAGS="${LDFLAGS} ${SMART_LIBS}" +- CFLAGS="${CFLAGS} ${SMART_CFLAGS}" ++ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" ++ ++ for ac_func in krb5_get_error_message krb5_free_error_string krb5_free_error_message ++do : ++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ++if eval test \"x\$"$as_ac_var"\" = x"yes"; then : ++ cat >>confdefs.h <<_ACEOF ++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 ++_ACEOF ++ ++fi ++done ++ ++ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING" ++ fi + + if test "$krb5threadsafe" != "no"; then + krb5threadsafe= +@@ -3921,14 +4050,17 @@ + sm_func_safe=`echo "krb5_is_thread_safe" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_is_thread_safe(); +@@ -3942,7 +4074,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3955,6 +4088,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -4046,7 +4180,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_is_thread_safe(); +@@ -4060,7 +4195,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -4073,12 +4209,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then +@@ -4118,7 +4255,7 @@ + + + ac_safe=`echo "com_err.h" | sed 'y%./+-%__pm%'` +-old_CFLAGS="$CFLAGS" ++old_CPPFLAGS="$CPPFLAGS" + smart_include= + smart_include_dir= + +@@ -4126,7 +4263,7 @@ + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5 + $as_echo_n "checking for com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4155,7 +4292,7 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" = "x"; then +@@ -4221,7 +4358,7 @@ + for try in $smart_include_dir /usr/local/include /opt/include; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5 + $as_echo_n "checking for com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4250,20 +4387,20 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" != "x"; then + eval "ac_cv_header_$ac_safe=yes" +- CFLAGS="$old_CFLAGS $smart_include" +- SMART_CFLAGS="$SMART_CFLAGS $smart_include" ++ CPPFLAGS="$smart_include $old_CPPFLAGS" ++ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" + fi + + if test "$ac_cv_header_com_err_h" != "yes"; then + + + ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'` +-old_CFLAGS="$CFLAGS" ++old_CPPFLAGS="$CPPFLAGS" + smart_include= + smart_include_dir= + +@@ -4271,7 +4408,7 @@ + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5 + $as_echo_n "checking for et/com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4300,7 +4437,7 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" = "x"; then +@@ -4366,7 +4503,7 @@ + for try in $smart_include_dir /usr/local/include /opt/include; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5 + $as_echo_n "checking for et/com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4395,13 +4532,13 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" != "x"; then + eval "ac_cv_header_$ac_safe=yes" +- CFLAGS="$old_CFLAGS $smart_include" +- SMART_CFLAGS="$SMART_CFLAGS $smart_include" ++ CPPFLAGS="$smart_include $old_CPPFLAGS" ++ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" + fi + + if test "$ac_cv_header_et_com_err_h" != "yes"; then +@@ -4431,8 +4568,8 @@ + fi + fi + +-mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}" +-mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}" ++mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" ++mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" + + + +--- ./src/modules/rlm_krb5/configure.ac.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/configure.ac 2014-02-03 14:45:22.000000000 -0500 +@@ -31,9 +31,9 @@ + dnl # + if test "$krb5_config" != 'not-found'; then + AC_MSG_CHECKING([krb5-config CFLAGS]) +- SMART_CFLAGS=$($krb5_config --cflags) +- SMART_CFLAGS=[$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')] +- AC_MSG_RESULT(${SMART_CFLAGS}) ++ SMART_CPPFLAGS=$($krb5_config --cflags) ++ SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')] ++ AC_MSG_RESULT("$SMART_CPPFLAGS") + + AC_MSG_CHECKING([krb5-config LDFLAGS]) + SMART_LIBS=$($krb5_config --libs) +@@ -111,7 +111,21 @@ + dnl # Need to ensure the test program(s) link against the right library + dnl # + LDFLAGS="${LDFLAGS} ${SMART_LIBS}" +- CFLAGS="${CFLAGS} ${SMART_CFLAGS}" ++ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" ++ ++ dnl # ++ dnl # Check how to free things returned by krb5_get_error_message ++ dnl # ++ AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message]) ++ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING" ++ fi + + dnl # + dnl # Only check if version checks have not found kerberos to be thread unsafe +@@ -160,8 +174,8 @@ + fi + fi + +-mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}" +-mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}" ++mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" ++mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" + + AC_SUBST(mod_ldflags) + AC_SUBST(mod_cflags) +--- ./src/modules/rlm_krb5/krb5.c.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/krb5.c 2014-02-03 14:47:32.000000000 -0500 +@@ -15,19 +15,19 @@ + */ + + /** +- * $Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $ ++ * $Id: c830bff1cbb89a9e3faf56a3275b9ba00c5b57d0 $ + * @file krb5.h + * @brief Context management functions for rlm_krb5 + * + * @copyright 2013 The FreeRADIUS server project + * @copyright 2013 Arran Cudbard-Bell + */ +-RCSID("$Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $") ++RCSID("$Id: c830bff1cbb89a9e3faf56a3275b9ba00c5b57d0 $") + + #include + #include "krb5.h" + +-#ifdef HEIMDAL_KRB5 ++#ifdef HAVE_KRB5_GET_ERROR_MESSAGE + # define KRB5_STRERROR_BUFSIZE (2048) + + fr_thread_local_setup(char *, krb5_error_buffer) /* macro */ +@@ -60,7 +60,7 @@ + + ret = fr_thread_local_set(krb5_error_buffer, buffer); + if (ret != 0) { +- ERROR("Failed setting up TLS for krb5 error buffer: %s", fr_syserror(ret)); ++ ERROR("Failed setting up TLS for krb5 error buffer."); + free(buffer); + return NULL; + } +@@ -69,7 +69,13 @@ + msg = krb5_get_error_message(context, code); + if (msg) { + strlcpy(buffer, msg, KRB5_STRERROR_BUFSIZE); ++#ifdef HAVE_KRB5_FREE_ERROR_MESSAGE + krb5_free_error_message(context, msg); ++#elif defined(HAVE_KRB5_FREE_ERROR_STRING) ++ krb5_free_error_string(context, msg); ++#else ++# error "No way to free error strings, missing krb5_free_error_message() and krb5_free_error_string()" ++#endif + } else { + strlcpy(buffer, "Unknown error", KRB5_STRERROR_BUFSIZE); + } +--- ./src/modules/rlm_krb5/krb5.h.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/krb5.h 2014-02-03 14:45:22.000000000 -0500 +@@ -15,14 +15,14 @@ + */ + + /** +- * $Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $ ++ * $Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $ + * @file krb5.h + * @brief types and function signatures for rlm_krb5. + * + * @copyright 2013 The FreeRADIUS server project + * @copyright 2013 Arran Cudbard-Bell + */ +-RCSIDH(krb5_h, "$Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $") ++RCSIDH(krb5_h, "$Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $") + + #if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H) + # undef KRB5_IS_THREAD_SAFE +@@ -79,7 +79,7 @@ + * MIT Kerberos uses comm_err, so the macro just expands to a call + * to error_message. + */ +-#ifndef HEIMDAL_KRB5 ++#ifndef HAVE_KRB5_GET_ERROR_MESSAGE + # ifdef ET_COMM_ERR + # include + # else +--- ./src/modules/rlm_krb5/rlm_krb5.c.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/rlm_krb5.c 2014-02-03 14:45:22.000000000 -0500 +@@ -15,7 +15,7 @@ + */ + + /** +- * $Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $ ++ * $Id: caf186e694151905d607447151fa65e429fb95e3 $ + * @file rlm_krb5.c + * @brief Authenticate users, retrieving their TGT from a Kerberos V5 TDC. + * +@@ -24,7 +24,7 @@ + * @copyright 2000 Nathan Neulinger + * @copyright 2000 Alan DeKok + */ +-RCSID("$Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $") ++RCSID("$Id: caf186e694151905d607447151fa65e429fb95e3 $") + + #include + #include +@@ -84,7 +84,7 @@ + + #ifndef KRB5_IS_THREAD_SAFE + if (!krb5_is_thread_safe()) { +- DEBUGI("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled"); ++ WDEBUG("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled"); + WDEBUG("rlm_krb5 will run in single threaded mode, performance may be degraded"); + } else { + WDEBUG("Build time libkrb5 was not threadsafe, but run time library claims to be"); +@@ -331,8 +331,9 @@ + break; + + case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: +- RDEBUG("User not found: %s (%i)", ret, rlm_krb5_error(conn->context, ret)); ++ RDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret)); + rcode = RLM_MODULE_NOTFOUND; ++ break; + + default: + REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret)); Property changes on: head/net/freeradius3/files/patch-rlm_krb5 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/net/freeradius3/files/patch-udpfromtofix =================================================================== --- head/net/freeradius3/files/patch-udpfromtofix (nonexistent) +++ head/net/freeradius3/files/patch-udpfromtofix (revision 342483) @@ -0,0 +1,61 @@ +From d51c75c1ce24dbbb1045b1e72a3c89729ca91016 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Tue, 28 Jan 2014 14:25:19 +0000 +Subject: [PATCH] Don't use IP_SENDSRCADDR (in sendfromto) if on FreeBSD and + the socket were using is bound to a specific IP + +FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used with a socket which is bound to something other than INADDR_ANY. +--- + src/lib/udpfromto.c | 31 ++++++++++++++++++++++++++++++- + 1 file changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/lib/udpfromto.c b/src/lib/udpfromto.c +index 680e354..b022136 100644 +--- src/lib/udpfromto.c ++++ src/lib/udpfromto.c +@@ -292,12 +292,41 @@ int sendfromto(int s, void *buf, size_t len, int flags, + struct iovec iov; + char cbuf[256]; + +-#if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO) ++#ifdef __FreeBSD__ ++ /* ++ * FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, ++ * and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used ++ * with a socket which is bound to something other than ++ * INADDR_ANY ++ */ ++ struct sockaddr bound; ++ socklen_t bound_len = sizeof(bound); ++ ++ if (getsockname(s, &bound, &bound_len) < 0) { ++ return -1; ++ } ++ ++ switch (bound.sa_family) { ++ case AF_INET: ++ if (((struct sockaddr_in *) &bound)->sin_addr.s_addr != INADDR_ANY) { ++ from = NULL; ++ } ++ break; ++ ++ case AF_INET6: ++ if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) { ++ from = NULL; ++ } ++ break; ++ } ++#else ++# if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO) + /* + * If the sendmsg() flags aren't defined, fall back to + * using sendto(). + */ + from = NULL; ++# endif + #endif + + /* +-- +1.8.5.1 + Property changes on: head/net/freeradius3/files/patch-udpfromtofix ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property