summaryrefslogtreecommitdiffstats
path: root/aclocal/kerberos5.m4
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--aclocal/kerberos5.m4114
1 files changed, 114 insertions, 0 deletions
diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4
new file mode 100644
index 0000000..f96f0fd
--- /dev/null
+++ b/aclocal/kerberos5.m4
@@ -0,0 +1,114 @@
+dnl Checks for Kerberos
+dnl NOTE: while we intend to do generic gss-api, currently we
+dnl have a requirement to get an initial Kerberos machine
+dnl credential. Thus, the requirement for Kerberos.
+dnl The Kerberos gssapi library will be dynamically loaded?
+AC_DEFUN([AC_KERBEROS_V5],[
+ AC_MSG_CHECKING(for Kerberos v5)
+ AC_ARG_WITH(krb5,
+ [AS_HELP_STRING([--with-krb5=DIR],[use Kerberos v5 installation in DIR])],
+ [ case "$withval" in
+ yes|no)
+ krb5_with=""
+ ;;
+ *)
+ krb5_with="$withval"
+ ;;
+ esac ]
+ )
+
+ for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
+ /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
+ dnl This ugly hack brought on by the split installation of
+ dnl MIT Kerberos on Fedora Core 1
+ K5CONFIG=""
+ if test -f $dir/bin/krb5-config; then
+ K5CONFIG=$dir/bin/krb5-config
+ elif test -f "/usr/kerberos/bin/krb5-config"; then
+ K5CONFIG="/usr/kerberos/bin/krb5-config"
+ elif test -f "/usr/lib/mit/bin/krb5-config"; then
+ K5CONFIG="/usr/lib/mit/bin/krb5-config"
+ fi
+ if test "$K5CONFIG" != ""; then
+ KRBCFLAGS=`$K5CONFIG --cflags`
+ KRBLIBS=`$K5CONFIG --libs`
+ GSSKRB_CFLAGS=`$K5CONFIG --cflags gssapi`
+ GSSKRB_LIBS=`$K5CONFIG --libs gssapi`
+ K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
+ AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
+ if test -f $dir/include/gssapi/gssapi_krb5.h -a \
+ \( -f $dir/lib/libgssapi_krb5.a -o \
+ -f $dir/lib/libgssapi_krb5.so -o \
+ -f $dir/lib32/libgssapi_krb5.a -o \
+ -f $dir/lib32/libgssapi_krb5.so -o \
+ -f $dir/lib64/libgssapi_krb5.a -o \
+ -f $dir/lib64/libgssapi_krb5.so -o \
+ -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.a -o \
+ -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.so \) ; then
+ AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
+ KRBDIR="$dir"
+ gssapi_lib=gssapi_krb5
+ break
+ dnl The following ugly hack brought on by the split installation
+ dnl of Heimdal Kerberos on SuSe
+ elif test \( -f $dir/include/heim_err.h -o\
+ -f $dir/include/heimdal/heim_err.h \) -a \
+ -f $dir/lib/libroken.a; then
+ AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
+ KRBDIR="$dir"
+ gssapi_lib=gssapi
+ break
+ fi
+ fi
+ done
+ dnl We didn't find a usable Kerberos environment
+ if test "x$KRBDIR" = "x"; then
+ if test "x$krb5_with" = "x"; then
+ AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
+ else
+ AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
+ fi
+ fi
+ AC_MSG_RESULT($KRBDIR)
+
+ dnl Check if -rpath=$(KRBDIR)/lib is needed
+ echo "The current KRBDIR is $KRBDIR"
+ if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
+ -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
+ KRBLDFLAGS="";
+ elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then
+ KRBLDFLAGS="";
+ else
+ KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
+ fi
+
+ dnl Now check for functions within gssapi library
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,
+ AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,
+ AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_free_lucid_sec_context,
+ AC_DEFINE(HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT, 1, [Define this if the Kerberos GSS library supports gss_krb5_free_lucid_sec_context]), ,$KRBLIBS)
+
+ dnl Check for newer error message facility
+ AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
+ AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
+
+ dnl Check for function to specify addressless tickets
+ AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless,
+ AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
+
+ dnl If they specified a directory and it didn't work, give them a warning
+ if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
+ AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
+ fi
+
+ AC_SUBST([KRBDIR])
+ AC_SUBST([KRBLIBS])
+ AC_SUBST([KRBCFLAGS])
+ AC_SUBST([KRBLDFLAGS])
+ AC_SUBST([K5VERS])
+ AC_SUBST([GSSKRB_CFLAGS])
+ AC_SUBST([GSSKRB_LIBS])
+
+])