summaryrefslogtreecommitdiffstats
path: root/aclocal/kerberos5.m4
blob: f96f0fd44e6ba77ada23424be00da211a34f9a0f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
dnl Checks for Kerberos
dnl NOTE: while we intend to do generic gss-api, currently we
dnl have a requirement to get an initial Kerberos machine
dnl credential.  Thus, the requirement for Kerberos.
dnl The Kerberos gssapi library will be dynamically loaded?
AC_DEFUN([AC_KERBEROS_V5],[
  AC_MSG_CHECKING(for Kerberos v5)
  AC_ARG_WITH(krb5,
  [AS_HELP_STRING([--with-krb5=DIR],[use Kerberos v5 installation in DIR])],
  [ case "$withval" in
    yes|no)
       krb5_with=""
       ;;
    *)
       krb5_with="$withval"
       ;;
    esac ]
  )

  for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
  	     /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
    dnl This ugly hack brought on by the split installation of
    dnl MIT Kerberos on Fedora Core 1
    K5CONFIG=""
    if test -f $dir/bin/krb5-config; then
      K5CONFIG=$dir/bin/krb5-config
    elif test -f "/usr/kerberos/bin/krb5-config"; then
      K5CONFIG="/usr/kerberos/bin/krb5-config"
    elif test -f "/usr/lib/mit/bin/krb5-config"; then
      K5CONFIG="/usr/lib/mit/bin/krb5-config"
    fi
    if test "$K5CONFIG" != ""; then
      KRBCFLAGS=`$K5CONFIG --cflags`
      KRBLIBS=`$K5CONFIG --libs`
      GSSKRB_CFLAGS=`$K5CONFIG --cflags gssapi`
      GSSKRB_LIBS=`$K5CONFIG --libs gssapi`
      K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
      AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
      if test -f $dir/include/gssapi/gssapi_krb5.h -a \
                \( -f $dir/lib/libgssapi_krb5.a -o \
                   -f $dir/lib/libgssapi_krb5.so -o \
                   -f $dir/lib32/libgssapi_krb5.a -o \
                   -f $dir/lib32/libgssapi_krb5.so -o \
                   -f $dir/lib64/libgssapi_krb5.a -o \
                   -f $dir/lib64/libgssapi_krb5.so -o \
                   -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.a -o \
                   -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.so \) ; then
         AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
         KRBDIR="$dir"
         gssapi_lib=gssapi_krb5
         break
      dnl The following ugly hack brought on by the split installation
      dnl of Heimdal Kerberos on SuSe
      elif test \( -f $dir/include/heim_err.h -o\
      		 -f $dir/include/heimdal/heim_err.h \) -a \
                -f $dir/lib/libroken.a; then
         AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
         KRBDIR="$dir"
         gssapi_lib=gssapi
        break
      fi
    fi
  done
  dnl We didn't find a usable Kerberos environment
  if test "x$KRBDIR" = "x"; then
    if test "x$krb5_with" = "x"; then
      AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
    else
      AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
    fi
  fi
  AC_MSG_RESULT($KRBDIR)

  dnl Check if -rpath=$(KRBDIR)/lib is needed
  echo "The current KRBDIR is $KRBDIR"
  if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
       -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
    KRBLDFLAGS="";
  elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then
    KRBLDFLAGS="";
  else
    KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
  fi

  dnl Now check for functions within gssapi library
  AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,
    AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,
    AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, gss_krb5_free_lucid_sec_context,
    AC_DEFINE(HAVE_GSS_KRB5_FREE_LUCID_SEC_CONTEXT, 1, [Define this if the Kerberos GSS library supports gss_krb5_free_lucid_sec_context]), ,$KRBLIBS)

  dnl Check for newer error message facility
  AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
    AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)

  dnl Check for function to specify addressless tickets
  AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless,
    AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)

  dnl If they specified a directory and it didn't work, give them a warning
  if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
    AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
  fi

  AC_SUBST([KRBDIR])
  AC_SUBST([KRBLIBS])
  AC_SUBST([KRBCFLAGS])
  AC_SUBST([KRBLDFLAGS])
  AC_SUBST([K5VERS])
  AC_SUBST([GSSKRB_CFLAGS])
  AC_SUBST([GSSKRB_LIBS])

])