1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
diff -NaurwB nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 nfs-utils-1.1.2/aclocal/kerberos5.m4
--- nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 2008-03-14 16:46:29.000000000 +0100
+++ nfs-utils-1.1.2/aclocal/kerberos5.m4 2008-06-12 17:13:51.000000000 +0200
@@ -1,112 +1,48 @@
-dnl Checks for Kerberos
-dnl NOTE: while we intend to do generic gss-api, currently we
-dnl have a requirement to get an initial Kerberos machine
-dnl credential. Thus, the requirement for Kerberos.
-dnl The Kerberos gssapi library will be dynamically loaded?
AC_DEFUN([AC_KERBEROS_V5],[
+ K5CONFIG="krb5-config"
AC_MSG_CHECKING(for Kerberos v5)
- AC_ARG_WITH(krb5,
- [AC_HELP_STRING([--with-krb5=DIR], [use Kerberos v5 installation in DIR])],
+ AC_ARG_WITH(krb5-config,
+ [AC_HELP_STRING([--with-krb5-config=PATH], [Full Path to krb5-config.])],
[ case "$withval" in
yes|no)
- krb5_with=""
+ K5CONFIG="krb5-config"
;;
*)
- krb5_with="$withval"
+ K5CONFIG="$withval"
;;
esac ]
)
- for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
- /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
- dnl This ugly hack brought on by the split installation of
- dnl MIT Kerberos on Fedora Core 1
- K5CONFIG=""
- if test -f $dir/bin/krb5-config; then
- K5CONFIG=$dir/bin/krb5-config
- elif test -f "/usr/kerberos/bin/krb5-config"; then
- K5CONFIG="/usr/kerberos/bin/krb5-config"
- elif test -f "/usr/lib/mit/bin/krb5-config"; then
- K5CONFIG="/usr/lib/mit/bin/krb5-config"
- fi
if test "$K5CONFIG" != ""; then
KRBCFLAGS=`$K5CONFIG --cflags`
KRBLIBS=`$K5CONFIG --libs gssapi`
- K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
- AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
- if test -f $dir/include/gssapi/gssapi_krb5.h -a \
- \( -f $dir/lib/libgssapi_krb5.a -o \
- -f $dir/lib64/libgssapi_krb5.a -o \
- -f $dir/lib64/libgssapi_krb5.so -o \
- -f $dir/lib/libgssapi_krb5.so \) ; then
+ if $K5CONFIG --version | grep -q -e heimdal; then
+ K5VERS=`$K5CONFIG --version | head -n 1 | cut -f2 -d ' ' | tr -d '.'`
+ AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
+ gssapi_lib=gssapi
+ KRBIMPL="heimdal"
+ elif $K5CONFIG --version | grep -q -e mit; then
+ K5VERS=`$K5CONFIG --version | head -n 1 | cut -f4 -d ' ' | tr -d '.'`
AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
- KRBDIR="$dir"
- dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
- dnl private function (gss_krb5_ccache_name) to get correct
- dnl behavior of changing the ccache used by gssapi.
- dnl Starting in 1.3.2, we *DO NOT* want to use
- dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME
- dnl to get gssapi to use a different ccache
if test $K5VERS -le 131; then
AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])
fi
gssapi_lib=gssapi_krb5
- break
- dnl The following ugly hack brought on by the split installation
- dnl of Heimdal Kerberos on SuSe
- elif test \( -f $dir/include/heim_err.h -o\
- -f $dir/include/heimdal/heim_err.h \) -a \
- -f $dir/lib/libroken.a; then
- AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
- KRBDIR="$dir"
- gssapi_lib=gssapi
- break
- fi
- fi
- done
- dnl We didn't find a usable Kerberos environment
- if test "x$KRBDIR" = "x"; then
- if test "x$krb5_with" = "x"; then
- AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
+ KRBIMPL="mit-krb5"
else
- AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
- fi
+ AC_MSG_ERROR(Unknown Kerberos 5 Implementation. Is neither heimdal or mit-krb5.)
+ KRBIMPL="unknown"
fi
- AC_MSG_RESULT($KRBDIR)
-
- dnl Check if -rpath=$(KRBDIR)/lib is needed
- echo "The current KRBDIR is $KRBDIR"
- if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
- -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
- KRBLDFLAGS="";
- elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then
- KRBLDFLAGS="";
- else
- KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
+ AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
fi
+ AC_MSG_RESULT($KRBIMPL)
- dnl Now check for functions within gssapi library
- AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,
- AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
- AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,
- AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
- AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
- AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
-
- dnl Check for newer error message facility
- AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
- AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
- dnl Check for function to specify addressless tickets
- AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless,
- AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
-
- dnl If they specified a directory and it didn't work, give them a warning
- if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
- AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
- fi
-
- AC_SUBST([KRBDIR])
AC_SUBST([KRBLIBS])
AC_SUBST([KRBCFLAGS])
AC_SUBST([KRBLDFLAGS])
|