Lines 1-112
Link Here
|
1 |
dnl Checks for Kerberos |
|
|
2 |
dnl NOTE: while we intend to do generic gss-api, currently we |
3 |
dnl have a requirement to get an initial Kerberos machine |
4 |
dnl credential. Thus, the requirement for Kerberos. |
5 |
dnl The Kerberos gssapi library will be dynamically loaded? |
6 |
AC_DEFUN([AC_KERBEROS_V5],[ |
1 |
AC_DEFUN([AC_KERBEROS_V5],[ |
|
|
2 |
K5CONFIG="krb5-config" |
7 |
AC_MSG_CHECKING(for Kerberos v5) |
3 |
AC_MSG_CHECKING(for Kerberos v5) |
8 |
AC_ARG_WITH(krb5, |
4 |
AC_ARG_WITH(krb5-config, |
9 |
[AC_HELP_STRING([--with-krb5=DIR], [use Kerberos v5 installation in DIR])], |
5 |
[AC_HELP_STRING([--with-krb5-config=PATH], [Full Path to krb5-config.])], |
10 |
[ case "$withval" in |
6 |
[ case "$withval" in |
11 |
yes|no) |
7 |
yes|no) |
12 |
krb5_with="" |
8 |
K5CONFIG="krb5-config" |
13 |
;; |
9 |
;; |
14 |
*) |
10 |
*) |
15 |
krb5_with="$withval" |
11 |
K5CONFIG="$withval" |
16 |
;; |
12 |
;; |
17 |
esac ] |
13 |
esac ] |
18 |
) |
14 |
) |
19 |
|
15 |
|
20 |
for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \ |
|
|
21 |
/usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do |
22 |
dnl This ugly hack brought on by the split installation of |
23 |
dnl MIT Kerberos on Fedora Core 1 |
24 |
K5CONFIG="" |
25 |
if test -f $dir/bin/krb5-config; then |
26 |
K5CONFIG=$dir/bin/krb5-config |
27 |
elif test -f "/usr/kerberos/bin/krb5-config"; then |
28 |
K5CONFIG="/usr/kerberos/bin/krb5-config" |
29 |
elif test -f "/usr/lib/mit/bin/krb5-config"; then |
30 |
K5CONFIG="/usr/lib/mit/bin/krb5-config" |
31 |
fi |
32 |
if test "$K5CONFIG" != ""; then |
16 |
if test "$K5CONFIG" != ""; then |
33 |
KRBCFLAGS=`$K5CONFIG --cflags` |
17 |
KRBCFLAGS=`$K5CONFIG --cflags` |
34 |
KRBLIBS=`$K5CONFIG --libs gssapi` |
18 |
KRBLIBS=`$K5CONFIG --libs gssapi` |
35 |
K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` |
19 |
if $K5CONFIG --version | grep -q -e heimdal; then |
36 |
AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) |
20 |
K5VERS=`$K5CONFIG --version | head -n 1 | cut -f2 -d ' ' | tr -d '.'` |
37 |
if test -f $dir/include/gssapi/gssapi_krb5.h -a \ |
21 |
AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) |
38 |
\( -f $dir/lib/libgssapi_krb5.a -o \ |
22 |
gssapi_lib=gssapi |
39 |
-f $dir/lib64/libgssapi_krb5.a -o \ |
23 |
KRBIMPL="heimdal" |
40 |
-f $dir/lib64/libgssapi_krb5.so -o \ |
24 |
elif $K5CONFIG --version | grep -q -e mit; then |
41 |
-f $dir/lib/libgssapi_krb5.so \) ; then |
25 |
K5VERS=`$K5CONFIG --version | head -n 1 | cut -f4 -d ' ' | tr -d '.'` |
42 |
AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) |
26 |
AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) |
43 |
KRBDIR="$dir" |
|
|
44 |
dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the |
45 |
dnl private function (gss_krb5_ccache_name) to get correct |
46 |
dnl behavior of changing the ccache used by gssapi. |
47 |
dnl Starting in 1.3.2, we *DO NOT* want to use |
48 |
dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME |
49 |
dnl to get gssapi to use a different ccache |
50 |
if test $K5VERS -le 131; then |
27 |
if test $K5VERS -le 131; then |
51 |
AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable]) |
28 |
AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable]) |
52 |
fi |
29 |
fi |
53 |
gssapi_lib=gssapi_krb5 |
30 |
gssapi_lib=gssapi_krb5 |
54 |
break |
31 |
KRBIMPL="mit-krb5" |
55 |
dnl The following ugly hack brought on by the split installation |
|
|
56 |
dnl of Heimdal Kerberos on SuSe |
57 |
elif test \( -f $dir/include/heim_err.h -o\ |
58 |
-f $dir/include/heimdal/heim_err.h \) -a \ |
59 |
-f $dir/lib/libroken.a; then |
60 |
AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) |
61 |
KRBDIR="$dir" |
62 |
gssapi_lib=gssapi |
63 |
break |
64 |
fi |
65 |
fi |
66 |
done |
67 |
dnl We didn't find a usable Kerberos environment |
68 |
if test "x$KRBDIR" = "x"; then |
69 |
if test "x$krb5_with" = "x"; then |
70 |
AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=) |
71 |
else |
32 |
else |
72 |
AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with) |
33 |
AC_MSG_ERROR(Unknown Kerberos 5 Implementation. Is neither heimdal or mit-krb5.) |
73 |
fi |
34 |
KRBIMPL="unknown" |
74 |
fi |
35 |
fi |
75 |
AC_MSG_RESULT($KRBDIR) |
36 |
AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) |
76 |
|
|
|
77 |
dnl Check if -rpath=$(KRBDIR)/lib is needed |
78 |
echo "The current KRBDIR is $KRBDIR" |
79 |
if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \ |
80 |
-o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then |
81 |
KRBLDFLAGS=""; |
82 |
elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then |
83 |
KRBLDFLAGS=""; |
84 |
else |
85 |
KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib" |
86 |
fi |
37 |
fi |
|
|
38 |
AC_MSG_RESULT($KRBIMPL) |
87 |
|
39 |
|
88 |
dnl Now check for functions within gssapi library |
40 |
AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS) |
89 |
AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, |
41 |
AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS) |
90 |
AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS) |
42 |
AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS) |
91 |
AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, |
43 |
AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS) |
92 |
AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS) |
44 |
AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS) |
93 |
AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, |
|
|
94 |
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS) |
95 |
|
96 |
dnl Check for newer error message facility |
97 |
AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, |
98 |
AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS) |
99 |
|
45 |
|
100 |
dnl Check for function to specify addressless tickets |
|
|
101 |
AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, |
102 |
AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS) |
103 |
|
104 |
dnl If they specified a directory and it didn't work, give them a warning |
105 |
if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then |
106 |
AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) |
107 |
fi |
108 |
|
109 |
AC_SUBST([KRBDIR]) |
110 |
AC_SUBST([KRBLIBS]) |
46 |
AC_SUBST([KRBLIBS]) |
111 |
AC_SUBST([KRBCFLAGS]) |
47 |
AC_SUBST([KRBCFLAGS]) |
112 |
AC_SUBST([KRBLDFLAGS]) |
48 |
AC_SUBST([KRBLDFLAGS]) |