+AC_TCP_WRAPPER
+AC_SUBST(LIBWRAP)
+
+if test "$enable_gss" = yes; then
+ dnl 'gss' also depends on nfsidmap.h - at least for svcgssd_proc.c
+ AC_CHECK_HEADERS(nfsidmap.h, ,[AC_MSG_ERROR(libnfsidmap needed for gss support)])
+
+ dnl Checks for Kerberos
+ dnl NOTE: while we intend to do generic gss-api, currently we
+ dnl have a requirement to get an initial Kerberos machine
+ dnl credential. Thus, the requirement for Kerberos.
+ dnl The Kerberos gssapi library will be dynamically loaded?
+ AC_MSG_CHECKING(for Kerberos v5)
+ AC_ARG_WITH(krb5,
+ [ --with-krb5=DIR use Kerberos v5 installation in DIR],
+ [ case "$withval" in
+ yes|no)
+ krb5_with=""
+ ;;
+ *)
+ krb5_with="$withval"
+ ;;
+ esac ]
+ )
+
+ for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
+ /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
+ dnl This ugly hack brought on by the split installation of
+ dnl MIT Kerberos on Fedora Core 1
+ K5CONFIG=""
+ if test -f $dir/bin/krb5-config; then
+ K5CONFIG=$dir/bin/krb5-config
+ elif test -f "/usr/kerberos/bin/krb5-config"; then
+ K5CONFIG="/usr/kerberos/bin/krb5-config"
+ fi
+ if test "$K5CONFIG" != ""; then
+ KRBINC=`$K5CONFIG --cflags`
+ KRBLIB=`$K5CONFIG --libs gssapi`
+ K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($4,v,"."); if (v[[3]] == "") v[[3]] = "0"; print v[[1]]v[[2]]v[[3]] }'`
+ AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
+ if test -f $dir/include/gssapi/gssapi_krb5.h -a \
+ \( -f $dir/lib/libgssapi_krb5.a -o \
+ -f $dir/lib/libgssapi_krb5.so \) ; then
+ AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
+ KRBDIR="$dir"
+ dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
+ dnl private function (gss_krb5_ccache_name) to get correct
+ dnl behavior of changing the ccache used by gssapi.
+ dnl Starting in 1.3.2, we *DO NOT* want to use
+ dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME
+ dnl to get gssapi to use a different ccache
+ if test $K5VERS -le 131; then
+ AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])
+ fi
+ gssapi_lib=gssapi_krb5
+ break
+ dnl The following ugly hack brought on by the split installation
+ dnl of Heimdal Kerberos on SuSe
+ elif test \( -f $dir/include/heim_err.h -o\
+ -f $dir/include/heimdal/heim_err.h \) -a \
+ -f $dir/lib/libroken.a; then
+ AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
+ KRBDIR="$dir"
+ gssapi_lib=gssapi
+ break
+ fi
+ CFLAGS=$CFLAGS `$K5CONFIG --cflags`
+ fi
+ done
+ dnl We didn't find a usable Kerberos environment
+ if test "x$KRBDIR" = "x"; then
+ if test "x$krb5_with" = "x"; then
+ AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
+ else
+ AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
+ fi
+ fi
+ CFLAGS="$CFLAGS `$K5CONFIG --cflags`"
+ AC_MSG_RESULT($KRBDIR)
+
+ dnl Now check for functions within gssapi library
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,
+ AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIB)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,
+ AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIB)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIB)
+
+ dnl If they specified a directory and it didn't work, give them a warning
+ if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
+ AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
+ fi
+
+ dnl This is not done until here because we need to have KRBLIB set
+ dnl "librpcsecgss=1" is so that it doesn't get added to LIBS
+ AC_CHECK_LIB(rpcsecgss, authgss_create_default, [librpcsecgss=1], [AC_MSG_ERROR(librpcsecgss needed for nfsv4 support)], $KRBLIB)
+ AC_CHECK_LIB(rpcsecgss, authgss_set_debug_level,
+ AC_DEFINE(HAVE_AUTHGSS_SET_DEBUG_LEVEL, 1, [Define this if the rpcsec_gss library has the function authgss_set_debug_level]),, $KRBLIB)
+
+ AC_SUBST([KRBDIR])
+ AC_SUBST([KRBLIB])
+ AC_SUBST([KRBINC])
+ AC_SUBST([K5VERS])
+fi
+