- dnl Checks for Kerberos
- dnl NOTE: while we intend to do generic gss-api, currently we
- dnl have a requirement to get an initial Kerberos machine
- dnl credential. Thus, the requirement for Kerberos.
- dnl The Kerberos gssapi library will be dynamically loaded?
- AC_MSG_CHECKING(for Kerberos v5)
- AC_ARG_WITH(krb5,
- [ --with-krb5=DIR use Kerberos v5 installation in DIR],
- [ case "$withval" in
- yes|no)
- krb5_with=""
- ;;
- *)
- krb5_with="$withval"
- ;;
- esac ]
- )
-
- for dir in $krb5_with /usr/kerberos /usr/local /usr/local/krb5 /usr/krb5 \
- /usr/heimdal /usr/local/heimdal /usr/athena /usr ; do
- dnl This ugly hack brought on by the split installation of
- dnl MIT Kerberos on Fedora Core 1
- K5CONFIG=""
- if test -f $dir/bin/krb5-config; then
- K5CONFIG=$dir/bin/krb5-config
- elif test -f "/usr/kerberos/bin/krb5-config"; then
- K5CONFIG="/usr/kerberos/bin/krb5-config"
- fi
- if test "$K5CONFIG" != ""; then
- if test -f $dir/include/gssapi/gssapi_krb5.h -a \
- \( -f $dir/lib/libgssapi_krb5.a -o \
- -f $dir/lib/libgssapi_krb5.so \) ; then
- AC_DEFINE(HAVE_KRB5)
- KRBDIR="$dir"
- K5VERS=`$K5CONFIG --version | awk '{split($4,v,"."); print v[[1]]v[[2]]v[[3]] }'`
- AC_DEFINE_UNQUOTED(KRB5_VERSION,$K5VERS)
- KRBLIB=`$K5CONFIG --libs gssapi`
- if test $K5VERS -le 131; then
- AC_DEFINE(USE_PRIVATE_KRB5_FUNCTIONS)
- fi
- AC_CHECK_LIB(gssapi_krb5, gss_krb5_export_lucid_sec_context,
- AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT),,$KRBLIB)
- AC_CHECK_LIB(gssapi_krb5, gss_krb5_set_allowable_enctypes,
- AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES),,$KRBLIB)
- AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
- AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME),,$KRBLIB)
- break
- dnl The following ugly hack brought on by the split installation
- dnl of Heimdal Kerberos on SuSe
- elif test \( -f $dir/include/heim_err.h -o\
- -f $dir/include/heimdal/heim_err.h \) -a \
- -f $dir/lib/libroken.a; then
- AC_DEFINE(HAVE_HEIMDAL)
- KRBDIR="$dir"
- K5VERS=`$K5CONFIG --version | head -1 | awk '{split($2,v,"."); print v[[1]]v[[2]]v[[3]] }'`
- AC_DEFINE_UNQUOTED(KRB5_VERSION,$K5VERS)
- KRBLIB=`$K5CONFIG --libs gssapi`
- AC_CHECK_LIB(gssapi, gss_krb5_export_lucid_sec_context,
- AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT),,$KRBLIB)
- AC_CHECK_LIB(gssapi, gss_krb5_set_allowable_enctypes,
- AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES),,$KRBLIB)
- AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
- AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME),,$KRBLIB)
- break
- fi
- CFLAGS=$CFLAGS `K5CONFIG --cflags`
- fi
- done
- dnl We didn't find a usable Kerberos environment
- if test "x$KRBDIR" = "x"; then
- if test "x$krb5_with" = "x"; then
- AC_MSG_ERROR(Kerberos v5 with GSS support not found)
- else
- AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
- fi
- fi
- AC_MSG_RESULT($KRBDIR)
- dnl If they specified a directory and it didn't work, give them a warning
- if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
- AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
- fi
-
- AC_SUBST([KRBDIR])
- AC_SUBST([KRBLIB])
- AC_SUBST([K5VERS])
+ dnl 'gss' also depends on nfsidmap.h - at least for svcgssd_proc.c
+ AC_CHECK_HEADERS(nfsidmap.h, ,AC_MSG_ERROR([libnfsidmap needed for gss support]))
+ AC_CHECK_HEADERS(spkm3.h, ,AC_MSG_WARN([could not locate SPKM3 header; will not have SPKM3 support]))
+ dnl the nfs4_set_debug function doesn't appear in all version of the library
+ AC_CHECK_LIB(nfsidmap, nfs4_set_debug,
+ AC_DEFINE(HAVE_NFS4_SET_DEBUG,1,
+ [Whether nfs4_set_debug() is present in libnfsidmap]),)
+
+ dnl Check for Kerberos V5
+ AC_KERBEROS_V5
+
+ dnl This is not done until here because we need to have KRBLIBS set
+ dnl ("librpcsecgss=1" is so that it doesn't get added to LIBS)
+ AC_CHECK_LIB(rpcsecgss, authgss_create_default, [librpcsecgss=1], AC_MSG_ERROR([librpcsecgss needed for nfsv4 support]), -lgssapi -ldl)
+ AC_CHECK_LIB(rpcsecgss, authgss_set_debug_level,
+ AC_DEFINE(HAVE_AUTHGSS_SET_DEBUG_LEVEL, 1, [Define this if the rpcsec_gss library has the function authgss_set_debug_level]),, -lgssapi -ldl)
+