1*43c1707eStholo/* This program is free software; you can redistribute it and/or modify 2*43c1707eStholo it under the terms of the GNU General Public License as published by 3*43c1707eStholo the Free Software Foundation; either version 2, or (at your option) 4*43c1707eStholo any later version. 5*43c1707eStholo 6*43c1707eStholo This program is distributed in the hope that it will be useful, 7*43c1707eStholo but WITHOUT ANY WARRANTY; without even the implied warranty of 8*43c1707eStholo MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 9*43c1707eStholo GNU General Public License for more details. */ 10*43c1707eStholo 11*43c1707eStholoAC_DEFUN(ACX_WITH_GSSAPI,[ 12*43c1707eStholo# 13*43c1707eStholo# Use --with-gssapi[=DIR] to enable GSSAPI support. 14*43c1707eStholo# 15*43c1707eStholo# defaults to enabled with DIR in default list below 16*43c1707eStholo# 17*43c1707eStholo# Search for /SUNHEA/ and read the comments about this default below. 18*43c1707eStholo# 19*43c1707eStholoAC_ARG_WITH([gssapi], 20*43c1707eStholo [ --with-gssapi=value GSSAPI directory], 21*43c1707eStholo [acx_gssapi_withgssapi=$withval], [acx_gssapi_withgssapi=yes])dnl 22*43c1707eStholo 23*43c1707eStholodnl 24*43c1707eStholodnl FIXME - cache withval and obliterate later cache values when options change 25*43c1707eStholodnl 26*43c1707eStholo# 27*43c1707eStholo# Try to locate a GSSAPI installation if no location was specified, assuming 28*43c1707eStholo# GSSAPI was enabled (the default). 29*43c1707eStholo# 30*43c1707eStholoif test -n "$acx_gssapi_cv_gssapi"; then 31*43c1707eStholo # Granted, this is a slightly ugly way to print this info, but the 32*43c1707eStholo # AC_CHECK_HEADER used in the search for a GSSAPI installation makes using 33*43c1707eStholo # AC_CACHE_CHECK worse 34*43c1707eStholo AC_MSG_CHECKING([for GSSAPI]) 35*43c1707eStholoelse :; fi 36*43c1707eStholoAC_CACHE_VAL([acx_gssapi_cv_gssapi], [ 37*43c1707eStholoif test x$acx_gssapi_withgssapi = xyes; then 38*43c1707eStholo # --with but no location specified 39*43c1707eStholo # assume a gssapi.h or gssapi/gssapi.h locates our install. 40*43c1707eStholo # 41*43c1707eStholo # This isn't always strictly true. For instance Solaris 7's SUNHEA (header) 42*43c1707eStholo # package installs gssapi.h whether or not the necessary libraries are 43*43c1707eStholo # installed. I'm still not sure whether to consider this a bug. The long 44*43c1707eStholo # way around is to not consider GSSPAI installed unless gss_import_name is 45*43c1707eStholo # found, but that brings up a lot of other hassles, like continuing to let 46*43c1707eStholo # gcc & ld generate the error messages when the user uses --with-gssapi=dir 47*43c1707eStholo # as a debugging aid. The short way around is to disable GSSAPI by default, 48*43c1707eStholo # but I think Sun users have been faced with this for awhile and I haven't 49*43c1707eStholo # heard many complaints. 50*43c1707eStholo acx_gssapi_save_CPPFLAGS=$CPPFLAGS 51*43c1707eStholo for acx_gssapi_cv_gssapi in yes /usr/kerberos /usr/cygnus/kerbnet no; do 52*43c1707eStholo if test x$acx_gssapi_cv_gssapi = xno; then 53*43c1707eStholo break 54*43c1707eStholo fi 55*43c1707eStholo if test x$acx_gssapi_cv_gssapi = xyes; then 56*43c1707eStholo AC_CHECKING([for GSSAPI]) 57*43c1707eStholo else 58*43c1707eStholo CPPFLAGS="$acx_gssapi_save_CPPFLAGS -I$acx_gssapi_cv_gssapi/include" 59*43c1707eStholo AC_CHECKING([for GSSAPI in $acx_gssapi_cv_gssapi]) 60*43c1707eStholo fi 61*43c1707eStholo unset ac_cv_header_gssapi_h 62*43c1707eStholo unset ac_cv_header_gssapi_gssapi_h 63*43c1707eStholo AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 64*43c1707eStholo if test "$ac_cv_header_gssapi_h" = "yes" || 65*43c1707eStholo test "$ac_cv_header_gssapi_gssapi_h" = "yes"; then 66*43c1707eStholo break 67*43c1707eStholo fi 68*43c1707eStholo done 69*43c1707eStholo CPPFLAGS=$acx_gssapi_save_CPPFLAGS 70*43c1707eStholoelse 71*43c1707eStholo acx_gssapi_cv_gssapi=$acx_gssapi_withgssapi 72*43c1707eStholofi 73*43c1707eStholoAC_MSG_CHECKING([for GSSAPI]) 74*43c1707eStholo])dnl 75*43c1707eStholoAC_MSG_RESULT([$acx_gssapi_cv_gssapi]) 76*43c1707eStholo 77*43c1707eStholo# 78*43c1707eStholo# Set up GSSAPI includes for later use. We don't bother to check for 79*43c1707eStholo# $acx_gssapi_cv_gssapi=no here since that will be caught later. 80*43c1707eStholo# 81*43c1707eStholoif test x$acx_gssapi_cv_gssapi = yes; then 82*43c1707eStholo # no special includes necessary 83*43c1707eStholo GSSAPI_INCLUDES="" 84*43c1707eStholoelse 85*43c1707eStholo # GSSAPI at $acx_gssapi_cv_gssapi (could be 'no') 86*43c1707eStholo GSSAPI_INCLUDES=" -I$acx_gssapi_cv_gssapi/include" 87*43c1707eStholofi 88*43c1707eStholo 89*43c1707eStholo# 90*43c1707eStholo# Get the rest of the information CVS needs to compile with GSSAPI support 91*43c1707eStholo# 92*43c1707eStholoif test x$acx_gssapi_cv_gssapi != xno; then 93*43c1707eStholo # define HAVE_GSSAPI and set up the includes 94*43c1707eStholo AC_DEFINE([HAVE_GSSAPI],, [Define if you have GSSAPI with Kerberos version 5 available.]) 95*43c1707eStholo includeopt=$includeopt$GSSAPI_INCLUDES 96*43c1707eStholo 97*43c1707eStholo # locate any other headers 98*43c1707eStholo acx_gssapi_save_CPPFLAGS=$CPPFLAGS 99*43c1707eStholo CPPFLAGS=$CPPFLAGS$GSSAPI_INCLUDES 100*43c1707eStholo dnl We don't use HAVE_KRB5_H anywhere, but including it here might make it 101*43c1707eStholo dnl easier to spot errors by reading configure output 102*43c1707eStholo AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h gssapi/gssapi_generic.h krb5.h]) 103*43c1707eStholo # And look through them for GSS_C_NT_HOSTBASED_SERVICE or its alternatives 104*43c1707eStholo AC_CACHE_CHECK([for GSS_C_NT_HOSTBASED_SERVICE], [acx_gssapi_cv_gss_c_nt_hostbased_service], 105*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service=no 106*43c1707eStholo if test "$ac_cv_header_gssapi_h" = "yes"; then 107*43c1707eStholo AC_EGREP_HEADER([GSS_C_NT_HOSTBASED_SERVICE], [gssapi.h], 108*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service=yes], 109*43c1707eStholo AC_EGREP_HEADER([gss_nt_service_name], [gssapi.h], 110*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service=gss_nt_service_name])) 111*43c1707eStholo fi 112*43c1707eStholo if test $acx_gssapi_cv_gss_c_nt_hostbased_service = no && 113*43c1707eStholo test "$ac_cv_header_gssapi_gssapi_h" = "yes"; then 114*43c1707eStholo AC_EGREP_HEADER([GSS_C_NT_HOSTBASED_SERVICE], [gssapi/gssapi.h], 115*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service], 116*43c1707eStholo AC_EGREP_HEADER([gss_nt_service_name], [gssapi/gssapi.h], 117*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service=gss_nt_service_name])) 118*43c1707eStholo fi 119*43c1707eStholo if test $acx_gssapi_cv_gss_c_nt_hostbased_service = no && 120*43c1707eStholo test "$ac_cv_header_gssapi_gssapi_generic_h" = "yes"; then 121*43c1707eStholo AC_EGREP_HEADER([GSS_C_NT_HOSTBASED_SERVICE], [gssapi/gssapi_generic.h], 122*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service], 123*43c1707eStholo AC_EGREP_HEADER([gss_nt_service_name], [gssapi/gssapi_generic.h], 124*43c1707eStholo [acx_gssapi_cv_gss_c_nt_hostbased_service=gss_nt_service_name])) 125*43c1707eStholo fi]) 126*43c1707eStholo if test $acx_gssapi_cv_gss_c_nt_hostbased_service != yes && 127*43c1707eStholo test $acx_gssapi_cv_gss_c_nt_hostbased_service != no; then 128*43c1707eStholo # don't define for yes since that means it already means something and 129*43c1707eStholo # don't define for no since we'd rather the compiler catch the error 130*43c1707eStholo AC_DEFINE_UNQUOTED([GSS_C_NT_HOSTBASED_SERVICE], [$acx_gssapi_cv_gss_c_nt_hostbased_service], 131*43c1707eStholo[Define to an alternative value if GSS_C_NT_HOSTBASED_SERVICE isn't defined 132*43c1707eStholoin the gssapi.h header file. MIT Kerberos 1.2.1 requires this. Only relevant 133*43c1707eStholowhen using GSSAPI.]) 134*43c1707eStholo fi 135*43c1707eStholo CPPFLAGS=$acx_gssapi_save_CPPFLAGS 136*43c1707eStholo 137*43c1707eStholo # Expect the libs to be installed parallel to the headers 138*43c1707eStholo # 139*43c1707eStholo # We could try once with and once without, but I'm not sure it's worth the 140*43c1707eStholo # trouble. 141*43c1707eStholo if test x$acx_gssapi_cv_gssapi != xyes; then 142*43c1707eStholo if test -z "$LIBS"; then 143*43c1707eStholo LIBS="-L$acx_gssapi_cv_gssapi/lib" 144*43c1707eStholo else 145*43c1707eStholo LIBS="-L$acx_gssapi_cv_gssapi/lib $LIBS" 146*43c1707eStholo fi 147*43c1707eStholo else :; fi 148*43c1707eStholo 149*43c1707eStholo dnl What happens if we want to enable, say, krb5 and some other GSSAPI 150*43c1707eStholo dnl authentication method at the same time? 151*43c1707eStholo # 152*43c1707eStholo # Some of the order below is particular due to library dependencies 153*43c1707eStholo # 154*43c1707eStholo 155*43c1707eStholo # 156*43c1707eStholo # des Heimdal K 0.3d, but Heimdal seems to be set up such 157*43c1707eStholo # that it could have been installed from elsewhere. 158*43c1707eStholo # 159*43c1707eStholo AC_SEARCH_LIBS([des_set_odd_parity], [des]) 160*43c1707eStholo 161*43c1707eStholo # 162*43c1707eStholo # com_err Heimdal K 0.3d 163*43c1707eStholo # 164*43c1707eStholo # com_err MIT K5 v1.2.2-beta1 165*43c1707eStholo # 166*43c1707eStholo AC_SEARCH_LIBS([com_err], [com_err]) 167*43c1707eStholo 168*43c1707eStholo # 169*43c1707eStholo # asn1 Heimdal K 0.3d -lcom_err 170*43c1707eStholo # 171*43c1707eStholo AC_SEARCH_LIBS([initialize_asn1_error_table_r], [asn1]) 172*43c1707eStholo 173*43c1707eStholo # 174*43c1707eStholo # resolv required, but not installed by Heimdal K 0.3d 175*43c1707eStholo # 176*43c1707eStholo # resolv MIT K5 1.2.2-beta1 177*43c1707eStholo # Linux 2.2.17 178*43c1707eStholo # 179*43c1707eStholo AC_SEARCH_LIBS([__dn_expand], [resolv]) 180*43c1707eStholo 181*43c1707eStholo # 182*43c1707eStholo # roken Heimdal K 0.3d -lresolv 183*43c1707eStholo # 184*43c1707eStholo AC_SEARCH_LIBS([roken_gethostbyaddr], [roken]) 185*43c1707eStholo 186*43c1707eStholo # 187*43c1707eStholo # k5crypto MIT K5 v1.2.2-beta1 188*43c1707eStholo # 189*43c1707eStholo AC_SEARCH_LIBS([valid_enctype], [k5crypto]) 190*43c1707eStholo 191*43c1707eStholo # 192*43c1707eStholo # gen ? ? ? Needed on Irix 5.3 with some 193*43c1707eStholo # Irix 5.3 version of Kerberos. I'm not 194*43c1707eStholo # sure which since Irix didn't 195*43c1707eStholo # get any testing this time 196*43c1707eStholo # around. Original comment: 197*43c1707eStholo # 198*43c1707eStholo # This is necessary on Irix 5.3, in order to link against libkrb5 -- 199*43c1707eStholo # there, an_to_ln.o refers to things defined only in -lgen. 200*43c1707eStholo # 201*43c1707eStholo AC_SEARCH_LIBS([compile], [gen]) 202*43c1707eStholo 203*43c1707eStholo # 204*43c1707eStholo # krb5 ? ? ? -lgen -l??? 205*43c1707eStholo # Irix 5.3 206*43c1707eStholo # 207*43c1707eStholo # krb5 MIT K5 v1.1.1 208*43c1707eStholo # 209*43c1707eStholo # krb5 MIT K5 v1.2.2-beta1 -lcrypto -lcom_err 210*43c1707eStholo # Linux 2.2.17 211*43c1707eStholo # 212*43c1707eStholo # krb5 MIT K5 v1.2.2-beta1 -lcrypto -lcom_err -lresolv 213*43c1707eStholo # 214*43c1707eStholo # krb5 Heimdal K 0.3d -lasn1 -lroken -ldes 215*43c1707eStholo # 216*43c1707eStholo AC_SEARCH_LIBS([krb5_free_context], [krb5]) 217*43c1707eStholo 218*43c1707eStholo # 219*43c1707eStholo # gssapi_krb5 Only lib needed with MIT K5 v1.2.1, so find it first in 220*43c1707eStholo # order to prefer MIT Kerberos. If both MIT & Heimdal 221*43c1707eStholo # Kerberos are installed and in the path, this will leave 222*43c1707eStholo # some of the libraries above in LIBS unnecessarily, but 223*43c1707eStholo # noone would ever do that, right? 224*43c1707eStholo # 225*43c1707eStholo # gssapi_krb5 MIT K5 v1.2.2-beta1 -lkrb5 226*43c1707eStholo # 227*43c1707eStholo # gssapi Heimdal K 0.3d -lkrb5 228*43c1707eStholo # 229*43c1707eStholo AC_SEARCH_LIBS([gss_import_name], [gssapi_krb5 gssapi]) 230*43c1707eStholofi 231*43c1707eStholo])dnl 232