Attachment #160032 for bug #231396

View | Details | Raw Unified | Return to bug 231396 | Differences between
Collapse All | Expand All




dnl Checks for Kerberos
dnl NOTE: while we intend to do generic gss-api, currently we
dnl have a requirement to get an initial Kerberos machine
dnl credential.  Thus, the requirement for Kerberos.
dnl The Kerberos gssapi library will be dynamically loaded?
AC_DEFUN([AC_KERBEROS_V5],[
  K5CONFIG="krb5-config"
  AC_MSG_CHECKING(for Kerberos v5)
  AC_ARG_WITH(krb5-config,
  [AC_HELP_STRING([--with-krb5-config=PATH], [Full Path to krb5-config.])],
  [ case "$withval" in
    yes|no)
       K5CONFIG="krb5-config"
       ;;
    *)
       K5CONFIG="$withval"
       ;;
    esac ]
  )

  for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
  	     /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
    dnl This ugly hack brought on by the split installation of
    dnl MIT Kerberos on Fedora Core 1
    K5CONFIG=""
    if test -f $dir/bin/krb5-config; then
      K5CONFIG=$dir/bin/krb5-config
    elif test -f "/usr/kerberos/bin/krb5-config"; then
      K5CONFIG="/usr/kerberos/bin/krb5-config"
    elif test -f "/usr/lib/mit/bin/krb5-config"; then
      K5CONFIG="/usr/lib/mit/bin/krb5-config"
    fi
    if test "$K5CONFIG" != ""; then
      KRBCFLAGS=`$K5CONFIG --cflags`
      KRBLIBS=`$K5CONFIG --libs gssapi`
    if $K5CONFIG --version | grep -q -e heimdal; then
      K5VERS=`$K5CONFIG --version | head -n 1 | cut -f2 -d ' ' | tr -d '.'`
      AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
      gssapi_lib=gssapi
      KRBIMPL="heimdal"
    elif $K5CONFIG --version | grep -q -e mit; then
      K5VERS=`$K5CONFIG --version | head -n 1 | cut -f4 -d ' ' | tr -d '.'`
         AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
         KRBDIR="$dir"
  dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
  dnl private function (gss_krb5_ccache_name) to get correct
  dnl behavior of changing the ccache used by gssapi.
  dnl Starting in 1.3.2, we *DO NOT* want to use
  dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME
  dnl to get gssapi to use a different ccache
         if test $K5VERS -le 131; then
           AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])
         fi
         gssapi_lib=gssapi_krb5
      KRBIMPL="mit-krb5"
      dnl The following ugly hack brought on by the split installation
      dnl of Heimdal Kerberos on SuSe
      elif test \( -f $dir/include/heim_err.h -o\
      		 -f $dir/include/heimdal/heim_err.h \) -a \
                -f $dir/lib/libroken.a; then
         AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
         KRBDIR="$dir"
         gssapi_lib=gssapi
        break
      fi
    fi
  done
  dnl We didn't find a usable Kerberos environment
  if test "x$KRBDIR" = "x"; then
    if test "x$krb5_with" = "x"; then
      AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
    else
      AC_MSG_ERROR(Unknown Kerberos 5 Implementation. Is neither heimdal or mit-krb5.)
      KRBIMPL="unknown"
  fi
    AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])

  dnl Check if -rpath=$(KRBDIR)/lib is needed
  echo "The current KRBDIR is $KRBDIR"
  if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
       -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
    KRBLDFLAGS="";
  elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then
    KRBLDFLAGS="";
  else
    KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
  fi
  AC_MSG_RESULT($KRBIMPL)

  AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
  AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
    AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)

  dnl Check for newer error message facility
  AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
    AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)

  dnl Check for function to specify addressless tickets
  AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless,
    AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)

  dnl If they specified a directory and it didn't work, give them a warning
  if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
    AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
  fi

  AC_SUBST([KRBDIR])
  AC_SUBST([KRBLIBS])
  AC_SUBST([KRBCFLAGS])
  AC_SUBST([KRBLDFLAGS])

Return to bug 231396

Lines 1-112 Link Here

(-)nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 (-86 / +22 lines)
1	dnl Checks for Kerberos
2	dnl NOTE: while we intend to do generic gss-api, currently we
3	dnl have a requirement to get an initial Kerberos machine
4	dnl credential. Thus, the requirement for Kerberos.
5	dnl The Kerberos gssapi library will be dynamically loaded?
6	AC_DEFUN([AC_KERBEROS_V5],[	1	AC_DEFUN([AC_KERBEROS_V5],[
		2	K5CONFIG="krb5-config"
7	AC_MSG_CHECKING(for Kerberos v5)	3	AC_MSG_CHECKING(for Kerberos v5)
8	AC_ARG_WITH(krb5,	4	AC_ARG_WITH(krb5-config,
9	[AC_HELP_STRING([--with-krb5=DIR], [use Kerberos v5 installation in DIR])],	5	[AC_HELP_STRING([--with-krb5-config=PATH], [Full Path to krb5-config.])],
10	[ case "$withval" in	6	[ case "$withval" in
11	yes\|no)	7	yes\|no)
12	krb5_with=""	8	K5CONFIG="krb5-config"
13	;;	9	;;
14	*)	10	*)
15	krb5_with="$withval"	11	K5CONFIG="$withval"
16	;;	12	;;
17	esac ]	13	esac ]
18	)	14	)
19		15
20	for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
21	/usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
22	dnl This ugly hack brought on by the split installation of
23	dnl MIT Kerberos on Fedora Core 1
24	K5CONFIG=""
25	if test -f $dir/bin/krb5-config; then
26	K5CONFIG=$dir/bin/krb5-config
27	elif test -f "/usr/kerberos/bin/krb5-config"; then
28	K5CONFIG="/usr/kerberos/bin/krb5-config"
29	elif test -f "/usr/lib/mit/bin/krb5-config"; then
30	K5CONFIG="/usr/lib/mit/bin/krb5-config"
31	fi
32	if test "$K5CONFIG" != ""; then	16	if test "$K5CONFIG" != ""; then
33	KRBCFLAGS=`$K5CONFIG --cflags`	17	KRBCFLAGS=`$K5CONFIG --cflags`
34	KRBLIBS=`$K5CONFIG --libs gssapi`	18	KRBLIBS=`$K5CONFIG --libs gssapi`
35	K5VERS=`$K5CONFIG --version \| head -n 1 \| awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`	19	if $K5CONFIG --version \| grep -q -e heimdal; then
36	AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])	20	K5VERS=`$K5CONFIG --version \| head -n 1 \| cut -f2 -d ' ' \| tr -d '.'`
37	if test -f $dir/include/gssapi/gssapi_krb5.h -a \	21	AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
38	\( -f $dir/lib/libgssapi_krb5.a -o \	22	gssapi_lib=gssapi
39	-f $dir/lib64/libgssapi_krb5.a -o \	23	KRBIMPL="heimdal"
40	-f $dir/lib64/libgssapi_krb5.so -o \	24	elif $K5CONFIG --version \| grep -q -e mit; then
41	-f $dir/lib/libgssapi_krb5.so \) ; then	25	K5VERS=`$K5CONFIG --version \| head -n 1 \| cut -f4 -d ' ' \| tr -d '.'`
42	AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])	26	AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
43	KRBDIR="$dir"
44	dnl If we are using MIT K5 1.3.1 and before, we MUST use the
45	dnl private function (gss_krb5_ccache_name) to get correct
46	dnl behavior of changing the ccache used by gssapi.
47	dnl Starting in 1.3.2, we DO NOT want to use
48	dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME
49	dnl to get gssapi to use a different ccache
50	if test $K5VERS -le 131; then	27	if test $K5VERS -le 131; then
51	AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])	28	AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])
52	fi	29	fi
53	gssapi_lib=gssapi_krb5	30	gssapi_lib=gssapi_krb5
54	break	31	KRBIMPL="mit-krb5"
55	dnl The following ugly hack brought on by the split installation
56	dnl of Heimdal Kerberos on SuSe
57	elif test \( -f $dir/include/heim_err.h -o\
58	-f $dir/include/heimdal/heim_err.h \) -a \
59	-f $dir/lib/libroken.a; then
60	AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
61	KRBDIR="$dir"
62	gssapi_lib=gssapi
63	break
64	fi
65	fi
66	done
67	dnl We didn't find a usable Kerberos environment
68	if test "x$KRBDIR" = "x"; then
69	if test "x$krb5_with" = "x"; then
70	AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
71	else	32	else
72	AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)	33	AC_MSG_ERROR(Unknown Kerberos 5 Implementation. Is neither heimdal or mit-krb5.)
73	fi	34	KRBIMPL="unknown"
74	fi	35	fi
75	AC_MSG_RESULT($KRBDIR)	36	AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
76
77	dnl Check if -rpath=$(KRBDIR)/lib is needed
78	echo "The current KRBDIR is $KRBDIR"
79	if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
80	-o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
81	KRBLDFLAGS="";
82	elif /sbin/ldconfig -p \| grep > /dev/null "=> $KRBDIR/lib/"; then
83	KRBLDFLAGS="";
84	else
85	KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
86	fi	37	fi
		38	AC_MSG_RESULT($KRBIMPL)
87		39
88	dnl Now check for functions within gssapi library	40	AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
89	AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,	41	AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
90	AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)	42	AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
91	AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,	43	AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
92	AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)	44	AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
93	AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
94	AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
95
96	dnl Check for newer error message facility
97	AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
98	AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
99		45
100	dnl Check for function to specify addressless tickets
101	AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless,
102	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
103
104	dnl If they specified a directory and it didn't work, give them a warning
105	if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
106	AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
107	fi
108
109	AC_SUBST([KRBDIR])
110	AC_SUBST([KRBLIBS])	46	AC_SUBST([KRBLIBS])
111	AC_SUBST([KRBCFLAGS])	47	AC_SUBST([KRBCFLAGS])
112	AC_SUBST([KRBLDFLAGS])	48	AC_SUBST([KRBLDFLAGS])