X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=aclocal%2Fkerberos5.m4;fp=aclocal%2Fkerberos5.m4;h=44e99b00847015e5de8cbcf5f83b309f3bc23f23;hb=ac5b03be829b4c9369ebfb07a688308721103228;hp=0000000000000000000000000000000000000000;hpb=371ca25167a217d647971384c37aa3fcee8a4aef;p=nfs-utils.git diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4 new file mode 100644 index 0000000..44e99b0 --- /dev/null +++ b/aclocal/kerberos5.m4 @@ -0,0 +1,91 @@ +dnl Checks for Kerberos +dnl NOTE: while we intend to do generic gss-api, currently we +dnl have a requirement to get an initial Kerberos machine +dnl credential. Thus, the requirement for Kerberos. +dnl The Kerberos gssapi library will be dynamically loaded? +AC_DEFUN([AC_KERBEROS_V5],[ + AC_MSG_CHECKING(for Kerberos v5) + AC_ARG_WITH(krb5, + [AC_HELP_STRING([--with-krb5=DIR], [use Kerberos v5 installation in DIR])], + [ case "$withval" in + yes|no) + krb5_with="" + ;; + *) + krb5_with="$withval" + ;; + esac ] + ) + + for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \ + /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do + dnl This ugly hack brought on by the split installation of + dnl MIT Kerberos on Fedora Core 1 + K5CONFIG="" + if test -f $dir/bin/krb5-config; then + K5CONFIG=$dir/bin/krb5-config + elif test -f "/usr/kerberos/bin/krb5-config"; then + K5CONFIG="/usr/kerberos/bin/krb5-config" + fi + if test "$K5CONFIG" != ""; then + KRBCFLAGS=`$K5CONFIG --cflags` + KRBLIBS=`$K5CONFIG --libs gssapi` + K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` + AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) + if test -f $dir/include/gssapi/gssapi_krb5.h -a \ + \( -f $dir/lib/libgssapi_krb5.a -o \ + -f $dir/lib/libgssapi_krb5.so \) ; then + AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) + KRBDIR="$dir" + dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the + dnl private function (gss_krb5_ccache_name) to get correct + dnl behavior of changing the ccache used by gssapi. + dnl Starting in 1.3.2, we *DO NOT* want to use + dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME + dnl to get gssapi to use a different ccache + if test $K5VERS -le 131; then + AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable]) + fi + gssapi_lib=gssapi_krb5 + break + dnl The following ugly hack brought on by the split installation + dnl of Heimdal Kerberos on SuSe + elif test \( -f $dir/include/heim_err.h -o\ + -f $dir/include/heimdal/heim_err.h \) -a \ + -f $dir/lib/libroken.a; then + AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) + KRBDIR="$dir" + gssapi_lib=gssapi + break + fi + fi + done + dnl We didn't find a usable Kerberos environment + if test "x$KRBDIR" = "x"; then + if test "x$krb5_with" = "x"; then + AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=) + else + AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with) + fi + fi + AC_MSG_RESULT($KRBDIR) + + dnl Now check for functions within gssapi library + AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, + AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS) + AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, + AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS) + AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, + AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS) + + dnl If they specified a directory and it didn't work, give them a warning + if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then + AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) + fi + + AC_SUBST([KRBDIR]) + AC_SUBST([KRBLIBS]) + AC_SUBST([KRBCFLAGS]) + AC_SUBST([K5VERS]) + +])