diff options
Diffstat (limited to '')
-rw-r--r-- | aclocal/kerberos5.m4 | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4 new file mode 100644 index 0000000..f96f0fd --- /dev/null +++ b/aclocal/kerberos5.m4 @@ -0,0 +1,114 @@ +dnl Checks for Kerberos +dnl NOTE: while we intend to do generic gss-api, currently we +dnl have a requirement to get an initial Kerberos machine +dnl credential. Thus, the requirement for Kerberos. +dnl The Kerberos gssapi library will be dynamically loaded? +AC_DEFUN([AC_KERBEROS_V5],[ + AC_MSG_CHECKING(for Kerberos v5) + AC_ARG_WITH(krb5, + [AS_HELP_STRING([--with-krb5=DIR],[use Kerberos v5 installation in DIR])], + [ case "$withval" in + yes|no) + krb5_with="" + ;; + *) + krb5_with="$withval" + ;; + esac ] + ) + + for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \ + /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do + dnl This ugly hack brought on by the split installation of + dnl MIT Kerberos on Fedora Core 1 + K5CONFIG="" + if test -f $dir/bin/krb5-config; then + K5CONFIG=$dir/bin/krb5-config + elif test -f "/usr/kerberos/bin/krb5-config"; then + K5CONFIG="/usr/kerberos/bin/krb5-config" + elif test -f "/usr/lib/mit/bin/krb5-config"; then + K5CONFIG="/usr/lib/mit/bin/krb5-config" + fi + if test "$K5CONFIG" != ""; then + KRBCFLAGS=`$K5CONFIG --cflags` + KRBLIBS=`$K5CONFIG --libs` + GSSKRB_CFLAGS=`$K5CONFIG --cflags gssapi` + GSSKRB_LIBS=`$K5CONFIG --libs gssapi` + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` + AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) + if test -f $dir/include/gssapi/gssapi_krb5.h -a \ + \( -f $dir/lib/libgssapi_krb5.a -o \ + -f $dir/lib/libgssapi_krb5.so -o \ + -f $dir/lib32/libgssapi_krb5.a -o \ + -f $dir/lib32/libgssapi_krb5.so -o \ + -f $dir/lib64/libgssapi_krb5.a -o \ + -f $dir/lib64/libgssapi_krb5.so -o \ + -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.a -o \ + -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.so \) ; then + AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) + KRBDIR="$dir" + gssapi_lib=gssapi_krb5 + break + dnl The following ugly hack brought on by the split installation + dnl of Heimdal Kerberos on SuSe + elif test \( -f $dir/include/heim_err.h -o\ + -f $dir/include/heimdal/heim_err.h \) -a \ + -f $dir/lib/libroken.a; then + AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) + KRBDIR="$dir" + gssapi_lib=gssapi + break + fi + fi + done + dnl We didn't find a usable Kerberos environment + if test "x$KRBDIR" = "x"; then + if test "x$krb5_with" = "x"; then + AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=) + else + AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with) + fi + fi + AC_MSG_RESULT($KRBDIR) + + dnl Check if -rpath=$(KRBDIR)/lib is needed + echo "The current KRBDIR is $KRBDIR" + if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \ + -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then + KRBLDFLAGS=""; + elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then + KRBLDFLAGS=""; + else + KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib" + fi + + dnl Now check for functions within gssapi library + AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, + AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS) + AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, + AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS) + AC_CHECK_LIB($gssapi_lib, gss_krb5_free_lucid_sec_context, + AC_DEFINE(HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT, 1, [Define this if the Kerberos GSS library supports gss_krb5_free_lucid_sec_context]), ,$KRBLIBS) + + dnl Check for newer error message facility + AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, + AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS) + + dnl Check for function to specify addressless tickets + AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, + AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS) + + dnl If they specified a directory and it didn't work, give them a warning + if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then + AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) + fi + + AC_SUBST([KRBDIR]) + AC_SUBST([KRBLIBS]) + AC_SUBST([KRBCFLAGS]) + AC_SUBST([KRBLDFLAGS]) + AC_SUBST([K5VERS]) + AC_SUBST([GSSKRB_CFLAGS]) + AC_SUBST([GSSKRB_LIBS]) + +]) |