# Determine whether this platform supports GSSAPI. # Copyright (c) 2001, 2002, 2003 # Derek R. Price, Ximbiot , # and the Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. # ACX_WITH_GSSAPI # ------------------- # Determine whether this platform supports GSSAPI. AC_DEFUN([ACX_WITH_GSSAPI],[ # # Use --with-gssapi[=DIR] to enable GSSAPI support. # # defaults to enabled with DIR in default list below # # Search for /SUNHEA/ and read the comments about this default below. # AC_ARG_WITH( [gssapi], AC_HELP_STRING( [--with-gssapi], [GSSAPI directory (default autoselects)]), , [with_gssapi=yes])dnl dnl dnl FIXME - cache withval and obliterate later cache values when options change dnl # # Try to locate a GSSAPI installation if no location was specified, assuming # GSSAPI was enabled (the default). # if test -n "$acx_gssapi_cv_gssapi"; then # Granted, this is a slightly ugly way to print this info, but the # AC_CHECK_HEADER used in the search for a GSSAPI installation makes using # AC_CACHE_CHECK worse AC_MSG_CHECKING([for GSSAPI]) else :; fi AC_CACHE_VAL([acx_gssapi_cv_gssapi], [ if test x$with_gssapi = xyes; then # --with but no location specified # assume a gssapi.h or gssapi/gssapi.h locates our install. # # This isn't always strictly true. For instance Solaris 7's SUNHEA (header) # package installs gssapi.h whether or not the necessary libraries are # installed. I'm still not sure whether to consider this a bug. The long # way around is to not consider GSSPAI installed unless gss_import_name is # found, but that brings up a lot of other hassles, like continuing to let # gcc & ld generate the error messages when the user uses --with-gssapi=dir # as a debugging aid. The short way around is to disable GSSAPI by default, # but I think Sun users have been faced with this for awhile and I haven't # heard many complaints. acx_gssapi_save_CPPFLAGS=$CPPFLAGS for acx_gssapi_cv_gssapi in yes /usr/kerberos /usr/cygnus/kerbnet no; do if test x$acx_gssapi_cv_gssapi = xno; then break fi if test x$acx_gssapi_cv_gssapi = xyes; then AC_MSG_CHECKING([for GSSAPI]) AC_MSG_RESULT([]) else CPPFLAGS="$acx_gssapi_save_CPPFLAGS -I$acx_gssapi_cv_gssapi/include" AC_MSG_CHECKING([for GSSAPI in $acx_gssapi_cv_gssapi]) AC_MSG_RESULT([]) fi unset ac_cv_header_gssapi_h unset ac_cv_header_gssapi_gssapi_h unset ac_cv_header_krb5_h AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h krb5.h]) if (test "$ac_cv_header_gssapi_h" = yes || test "$ac_cv_header_gssapi_gssapi_h" = yes) && test "$ac_cv_header_krb5_h" = yes; then break fi done CPPFLAGS=$acx_gssapi_save_CPPFLAGS else acx_gssapi_cv_gssapi=$with_gssapi fi AC_MSG_CHECKING([for GSSAPI]) ])dnl AC_MSG_RESULT([$acx_gssapi_cv_gssapi]) # # Set up GSSAPI includes for later use. We don't bother to check for # $acx_gssapi_cv_gssapi=no here since that will be caught later. # if test x$acx_gssapi_cv_gssapi = xyes; then # no special includes necessary GSSAPI_INCLUDES="" else # GSSAPI at $acx_gssapi_cv_gssapi (could be 'no') GSSAPI_INCLUDES=" -I$acx_gssapi_cv_gssapi/include" fi # # Get the rest of the information CVS needs to compile with GSSAPI support # if test x$acx_gssapi_cv_gssapi != xno; then # define HAVE_GSSAPI and set up the includes AC_DEFINE([HAVE_GSSAPI], , [Define if you have GSSAPI with Kerberos version 5 available.]) CPPFLAGS=$CPPFLAGS$GSSAPI_INCLUDES cvs_client_objects="$cvs_client_objects gssapi-client.o" # locate any other headers dnl We don't use HAVE_KRB5_H anywhere, but including it here might make it dnl easier to spot errors by reading configure output AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h gssapi/gssapi_generic.h krb5.h]) # And look through them for GSS_C_NT_HOSTBASED_SERVICE or its alternatives AC_CACHE_CHECK( [for GSS_C_NT_HOSTBASED_SERVICE], [acx_gssapi_cv_gss_c_nt_hostbased_service], [ acx_gssapi_cv_gss_c_nt_hostbased_service=no if test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER( [GSS_C_NT_HOSTBASED_SERVICE], [gssapi.h], [acx_gssapi_cv_gss_c_nt_hostbased_service=yes], [ AC_EGREP_HEADER( [gss_nt_service_name], [gssapi.h], [acx_gssapi_cv_gss_c_nt_hostbased_service=gss_nt_service_name]) ]) fi if test $acx_gssapi_cv_gss_c_nt_hostbased_service = no && test "$ac_cv_header_gssapi_gssapi_h" = "yes"; then AC_EGREP_HEADER( [GSS_C_NT_HOSTBASED_SERVICE], [gssapi/gssapi.h], [acx_gssapi_cv_gss_c_nt_hostbased_service=yes], [ AC_EGREP_HEADER([gss_nt_service_name], [gssapi/gssapi.h], [acx_gssapi_cv_gss_c_nt_hostbased_service=gss_nt_service_name]) ]) else :; fi if test $acx_gssapi_cv_gss_c_nt_hostbased_service = no && test "$ac_cv_header_gssapi_gssapi_generic_h" = "yes"; then AC_EGREP_HEADER( [GSS_C_NT_HOSTBASED_SERVICE], [gssapi/gssapi_generic.h], [acx_gssapi_cv_gss_c_nt_hostbased_service=yes], [ AC_EGREP_HEADER( [gss_nt_service_name], [gssapi/gssapi_generic.h], [acx_gssapi_cv_gss_c_nt_hostbased_service=gss_nt_service_name]) ]) else :; fi ]) if test $acx_gssapi_cv_gss_c_nt_hostbased_service != yes && test $acx_gssapi_cv_gss_c_nt_hostbased_service != no; then # don't define for yes since that means it already means something and # don't define for no since we'd rather the compiler catch the error # It's debatable whether we'd prefer that the compiler catch the error # - it seems our estranged developer is more likely to be familiar with # the intricacies of the compiler than with those of autoconf, but by # the same token, maybe we'd rather alert them to the fact that most # of the support they need to fix the problem is installed if they can # simply locate the appropriate symbol. AC_DEFINE_UNQUOTED( [GSS_C_NT_HOSTBASED_SERVICE], [$acx_gssapi_cv_gss_c_nt_hostbased_service], [Define to an alternative value if GSS_C_NT_HOSTBASED_SERVICE isn't defined in the gssapi.h header file. MIT Kerberos 1.2.1 requires this. Only relevant when using GSSAPI.]) else :; fi # Expect the libs to be installed parallel to the headers # # We could try once with and once without, but I'm not sure it's worth the # trouble. if test x$acx_gssapi_cv_gssapi != xyes; then if test -z "$LIBS"; then LIBS="-L$acx_gssapi_cv_gssapi/lib" else LIBS="-L$acx_gssapi_cv_gssapi/lib $LIBS" fi else :; fi dnl What happens if we want to enable, say, krb5 and some other GSSAPI dnl authentication method at the same time? # # Some of the order below is particular due to library dependencies # # # des Heimdal K 0.3d, but Heimdal seems to be set up such # that it could have been installed from elsewhere. # AC_SEARCH_LIBS([des_set_odd_parity], [des]) # # com_err Heimdal K 0.3d # # com_err MIT K5 v1.2.2-beta1 # AC_SEARCH_LIBS([com_err], [com_err]) # # asn1 Heimdal K 0.3d -lcom_err # AC_SEARCH_LIBS([initialize_asn1_error_table_r], [asn1]) # # resolv required, but not installed by Heimdal K 0.3d # # resolv MIT K5 1.2.2-beta1 # Linux 2.2.17 # AC_SEARCH_LIBS([__dn_expand], [resolv]) # # crypto Need by gssapi under FreeBSD 5.4 # AC_SEARCH_LIBS([RC4], [crypto]) # # crypt Needed by roken under FreeBSD 4.6. # AC_SEARCH_LIBS([crypt], [crypt]) # # roken Heimdal K 0.3d -lresolv # roken FreeBSD 4.6 -lcrypt # AC_SEARCH_LIBS([roken_gethostbyaddr], [roken]) # # k5crypto MIT K5 v1.2.2-beta1 # AC_SEARCH_LIBS([valid_enctype], [k5crypto]) # # gen ? ? ? Needed on Irix 5.3 with some # Irix 5.3 version of Kerberos. I'm not # sure which since Irix didn't # get any testing this time # around. Original comment: # # This is necessary on Irix 5.3, in order to link against libkrb5 -- # there, an_to_ln.o refers to things defined only in -lgen. # AC_SEARCH_LIBS([compile], [gen]) # # krb5 ? ? ? -lgen -l??? # Irix 5.3 # # krb5 MIT K5 v1.1.1 # # krb5 MIT K5 v1.2.2-beta1 -lcrypto -lcom_err # Linux 2.2.17 # # krb5 MIT K5 v1.2.2-beta1 -lcrypto -lcom_err -lresolv # # krb5 Heimdal K 0.3d -lasn1 -lroken -ldes # AC_SEARCH_LIBS([krb5_free_context], [krb5]) # # gssapi_krb5 Only lib needed with MIT K5 v1.2.1, so find it first in # order to prefer MIT Kerberos. If both MIT & Heimdal # Kerberos are installed and in the path, this will leave # some of the libraries above in LIBS unnecessarily, but # noone would ever do that, right? # # gssapi_krb5 MIT K5 v1.2.2-beta1 -lkrb5 # # gssapi Heimdal K 0.3d -lkrb5 # AC_SEARCH_LIBS([gss_import_name], [gssapi_krb5 gssapi]) fi ])dnl