--- /dev/null
+# SYNOPSIS
+#
+# AMANDA_KRB4_SECURITY
+#
+# OVERVIEW
+#
+# Handle configuration for KRB4 security, implementing the --with-krb4-security
+# option. If libraries are found, they are added to the relevant compiler flags.
+#
+# Defines KRB4_SECURITY, and sets AM_CONDITIONAL WANT_KRB4_SECURITY,
+# if the user has selected this mechanism. Also, the following parameters
+# are taken from options and defined:
+#
+# - SERVER_HOST_PRINCIPAL
+# - SERVER_HOST_INSTANCE
+# - SERVER_HOST_KEY_FILE
+# - CLIENT_HOST_PRINCIPAL
+# - CLIENT_HOST_INSTANCE
+# - CLIENT_HOST_KEY_FILE
+# - TICKET_LIFETIME
+#
+AC_DEFUN([AMANDA_KRB4_SECURITY],
+[
+ # Specify --with-krb4-security if Kerberos software is in somewhere
+ # other than the listed KRB4_SPOTS. We only compile kerberos support in
+ # if the right files are there.
+
+ : ${KRB4_SPOTS="/usr/kerberos /usr/cygnus /usr /opt/kerberos"}
+
+ KRB4_SECURITY="no"
+ AC_ARG_WITH(krb4-security,
+ AS_HELP_STRING([--with-krb4-security=DIR],
+ [Location of Kerberos software @<:@/usr/kerberos /usr/cygnus /usr /opt/kerberos@:>@]),
+ [
+ case "$withval" in
+ n | no) ;;
+ y | ye | yes) KRB4_SECURITY="yes" ;;
+ *) KRB4_SPOTS="$KRB4_SECURITY"
+ KRB4_SECURITY="yes"
+ ;;
+ esac
+ ],
+ )
+
+ # check the remaining, subsidiary options
+
+ AC_MSG_CHECKING([host principal])
+ AC_ARG_WITH(server-principal,
+ AS_HELP_STRING([ --with-server-principal=ARG],
+ [server host principal ("amanda")]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-server-principal option.])
+ ;;
+ *) SERVER_HOST_PRINCIPAL="$withval" ;;
+ esac
+ ],
+ [ : ${SERVER_HOST_PRINCIPAL="amanda"} ]
+ )
+ AC_MSG_RESULT($SERVER_HOST_PRINCIPAL)
+
+ AC_MSG_CHECKING([server host instance])
+ AC_ARG_WITH(server-instance,
+ AS_HELP_STRING([ --with-server-instance=ARG],
+ [server host instance ("amanda")]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-server-instance option.])
+ ;;
+ *) SERVER_HOST_INSTANCE="$withval" ;;
+ esac
+ ],
+ [ : ${SERVER_HOST_INSTANCE="amanda"} ]
+ )
+ AC_MSG_RESULT($SERVER_HOST_INSTANCE)
+
+ AC_MSG_CHECKING([server host key file])
+ AC_ARG_WITH(server-keyfile,
+ AS_HELP_STRING([ --with-server-keyfile=ARG],
+ [server host key file ("/.amanda")]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-server-keyfile option.])
+ ;;
+ *) SERVER_HOST_KEY_FILE="$withval" ;;
+ esac
+ ],
+ [ : ${SERVER_HOST_KEY_FILE="/.amanda"} ]
+ )
+ AC_MSG_RESULT($SERVER_HOST_KEY_FILE)
+
+ AC_MSG_CHECKING(client host principle)
+ AC_ARG_WITH(client-principal,
+ AS_HELP_STRING([ --with-client-principal=ARG],
+ [client host principle ("rcmd")]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-client-principal option.])
+ ;;
+ *) CLIENT_HOST_PRINCIPAL="$withval" ;;
+ esac
+ ],
+ [ : ${CLIENT_HOST_PRINCIPAL="rcmd"} ]
+ )
+ AC_MSG_RESULT($CLIENT_HOST_PRINCIPAL)
+
+ AC_MSG_CHECKING([client host instance])
+ AC_ARG_WITH(client-instance,
+ AS_HELP_STRING([ --with-client-instance=ARG],
+ [client host instance (HOSTNAME_INSTANCE)]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-client-instance option.])
+ ;;
+ *) CLIENT_HOST_INSTANCE="$withval" ;;
+ esac
+ ],
+ [ : ${CLIENT_HOST_INSTANCE=HOSTNAME_INSTANCE} ]
+ )
+ AC_MSG_RESULT($CLIENT_HOST_INSTANCE)
+
+ AC_MSG_CHECKING([client host key file])
+ AC_ARG_WITH(client-keyfile,
+ AS_HELP_STRING([ --with-client-keyfile=ARG],
+ [client host key file (KEYFILE)]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-client-keyfile option.])
+ ;;
+ *) CLIENT_HOST_KEY_FILE="$withval" ;;
+ esac
+ ],
+ [ : ${CLIENT_HOST_KEY_FILE=KEYFILE} ]
+ )
+ # Assume it's either KEYFILE (defined in krb.h), or a string filename...
+ if test "x$CLIENT_HOST_KEY_FILE" != "xKEYFILE"; then
+ # add quotes
+ CLIENT_HOST_KEY_FILE="\"$CLIENT_HOST_KEY_FILE\""
+ fi
+ AC_MSG_RESULT($CLIENT_HOST_KEY_FILE)
+
+ AC_MSG_CHECKING([ticket lifetime])
+ AC_ARG_WITH(ticket-lifetime,
+ AS_HELP_STRING([ --ticket-lifetime],
+ [ticket lifetime (128)]),
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([*** You must supply an argument to the --with-ticket-lifetime option.])
+ ;;
+ *) TICKET_LIFETIME="$withval" ;;
+ esac
+ ],
+ [ : ${TICKET_LIFETIME=128} ]
+ )
+ AC_MSG_RESULT($TICKET_LIFETIME)
+
+
+ if test "x${KRB4_SECURITY}" = "xyes"; then
+ AC_MSG_CHECKING(for Kerberos and Amanda kerberos4 bits)
+ found="no"
+ for dir in $KRB4_SPOTS; do
+ if test \( -f ${dir}/lib/libkrb.a -o -f ${dir}/lib/libkrb.so \) -a \( -f ${dir}/lib/libdes.a -o -f ${dir}/lib/libdes.so \) ; then
+ #
+ # This is the original Kerberos 4.
+ #
+ AC_MSG_RESULT(found in $dir)
+ found="yes"
+
+ #
+ # This handles BSD/OS.
+ #
+ if test -d $dir/include/kerberosIV ; then
+ AMANDA_ADD_CPPFLAGS([-I$dir/include/kerberosIV])
+ else
+ AMANDA_ADD_CPPFLAGS([-I$dir/include])
+ fi
+ AMANDA_ADD_LDFLAGS([-L$dir/lib])
+ AMANDA_ADD_LIBS([-lkrb -ldes])
+ if test -f ${dir}/lib/libcom_err.a; then
+ AMANDA_ADD_LIBS([-lcom_err])
+ fi
+ break
+ elif test \( -f ${dir}/lib/libkrb4.a -o -f ${dir}/lib/libkrb4.so \) &&
+ test \( -f ${dir}/lib/libcrypto.a -o -f ${dir}/lib/libcrypto.so \) &&
+ test \( -f ${dir}/lib/libdes425.a -o -f ${dir}/lib/libdes425.so \) ; then
+ #
+ # This is Kerberos 5 with Kerberos 4 back-support.
+ #
+ AC_MSG_RESULT(found in $dir)
+ found="yes"
+ AMANDA_ADD_CPPFLAGS([-I$dir/include -I$dir/include/kerberosIV])
+ AMANDA_ADD_LDFLAGS([-L$dir/lib])
+ if test \( -f ${dir}/lib/libkrb5.a -o -f ${dir}/lib/libkrb5.so \) &&
+ test \( -f ${dir}/lib/libcom_err.a -o -f ${dir}/lib/libcom_err.so \) ; then
+ AMANDA_ADD_LIBS([-lkrb4 -lkrb5 -lcrypto -ldes425 -lcom_err])
+ else
+ AMANDA_ADD_LIBS([-lkrb4 -lcrypto -ldes425])
+ fi
+ break
+ fi
+ done
+
+ if test "x$found" = "xno" ; then
+ AC_MSG_RESULT(no libraries found)
+ AMANDA_MSG_WARN([No Kerberos IV libraries were found on your system; disabling krb4-security])
+ KRB4_SECURITY="no"
+ else
+ AC_DEFINE(KRB4_SECURITY, 1,
+ [Enable Kerberos IV security.])
+ AC_DEFINE_UNQUOTED(SERVER_HOST_PRINCIPAL,"$SERVER_HOST_PRINCIPAL",
+ [The Kerberos server principal. ])
+ AC_DEFINE_UNQUOTED(SERVER_HOST_INSTANCE,"$SERVER_HOST_INSTANCE",
+ [The Kerberos server instance. ])
+ AC_DEFINE_UNQUOTED(SERVER_HOST_KEY_FILE,"$SERVER_HOST_KEY_FILE",
+ [The Kerberos server key file. ])
+ AC_DEFINE_UNQUOTED(CLIENT_HOST_PRINCIPAL,"$CLIENT_HOST_PRINCIPAL",
+ [The Kerberos client host principal. ])
+ AC_DEFINE_UNQUOTED(CLIENT_HOST_INSTANCE,$CLIENT_HOST_INSTANCE,
+ [The Kerberos client host instance. ])
+ AC_DEFINE_UNQUOTED(CLIENT_HOST_KEY_FILE,$CLIENT_HOST_KEY_FILE,
+ [The Kerberos client host key file. ])
+ AC_DEFINE_UNQUOTED(TICKET_LIFETIME,$TICKET_LIFETIME,
+ [The Kerberos ticket lifetime. ])
+ fi
+ fi
+ AM_CONDITIONAL(WANT_KRB4_SECURITY, test x"$KRB4_SECURITY" = x"yes")
+])