git.gag.com Git - debian/amanda/blob - config/amanda/krb4-security.m4

   1 # SYNOPSIS
   2 #
   3 #   AMANDA_KRB4_SECURITY
   4 #
   5 # OVERVIEW
   6 #
   7 #   Handle configuration for KRB4 security, implementing the --with-krb4-security
   8 #   option.  If libraries are found, they are added to the relevant compiler flags.
   9 #
  10 #   Defines KRB4_SECURITY, and sets AM_CONDITIONAL WANT_KRB4_SECURITY,
  11 #   if the user has selected this mechanism.  Also, the following parameters
  12 #   are taken from options and defined:
  13 #
  14 #    - SERVER_HOST_PRINCIPAL
  15 #    - SERVER_HOST_INSTANCE
  16 #    - SERVER_HOST_KEY_FILE
  17 #    - CLIENT_HOST_PRINCIPAL
  18 #    - CLIENT_HOST_INSTANCE
  19 #    - CLIENT_HOST_KEY_FILE
  20 #    - TICKET_LIFETIME
  21 #
  22 AC_DEFUN([AMANDA_KRB4_SECURITY],
  23 [
  24     # Specify --with-krb4-security if Kerberos software is in somewhere
  25     # other than the listed KRB4_SPOTS.  We only compile kerberos support in
  26     # if the right files are there.
  27
  28     : ${KRB4_SPOTS="/usr/kerberos /usr/cygnus /usr /opt/kerberos"}
  29
  30     KRB4_SECURITY="no"
  31     AC_ARG_WITH(krb4-security,
  32         AS_HELP_STRING([--with-krb4-security=DIR],
  33             [Location of Kerberos software @<:@/usr/kerberos /usr/cygnus /usr /opt/kerberos@:>@]),
  34         [
  35             case "$withval" in
  36                 n | no) ;;
  37                 y | ye | yes) KRB4_SECURITY="yes" ;;
  38                 *) KRB4_SPOTS="$KRB4_SECURITY"
  39                    KRB4_SECURITY="yes"
  40                    ;;
  41             esac
  42         ],
  43     )
  44
  45     # check the remaining, subsidiary options
  46
  47     AC_MSG_CHECKING([host principal])
  48     AC_ARG_WITH(server-principal,
  49         AS_HELP_STRING([ --with-server-principal=ARG],
  50             [server host principal ("amanda")]),
  51         [
  52             case "$withval" in
  53                 "" | y | ye | yes | n | no)
  54                     AC_MSG_ERROR([*** You must supply an argument to the --with-server-principal option.])
  55                   ;;
  56                 *) SERVER_HOST_PRINCIPAL="$withval" ;;
  57             esac
  58         ],
  59         [ : ${SERVER_HOST_PRINCIPAL="amanda"} ]
  60     )
  61     AC_MSG_RESULT($SERVER_HOST_PRINCIPAL)
  62
  63     AC_MSG_CHECKING([server host instance])
  64     AC_ARG_WITH(server-instance,
  65         AS_HELP_STRING([ --with-server-instance=ARG],
  66             [server host instance ("amanda")]),
  67         [
  68             case "$withval" in
  69                 "" | y | ye | yes | n | no)
  70                     AC_MSG_ERROR([*** You must supply an argument to the --with-server-instance option.])
  71                   ;;
  72                 *) SERVER_HOST_INSTANCE="$withval" ;;
  73             esac
  74         ],
  75         [ : ${SERVER_HOST_INSTANCE="amanda"} ]
  76     )
  77     AC_MSG_RESULT($SERVER_HOST_INSTANCE)
  78
  79     AC_MSG_CHECKING([server host key file])
  80     AC_ARG_WITH(server-keyfile,
  81         AS_HELP_STRING([ --with-server-keyfile=ARG],
  82             [server host key file ("/.amanda")]),
  83         [
  84             case "$withval" in
  85                 "" | y | ye | yes | n | no)
  86                     AC_MSG_ERROR([*** You must supply an argument to the --with-server-keyfile option.])
  87                   ;;
  88                 *) SERVER_HOST_KEY_FILE="$withval" ;;
  89             esac
  90         ],
  91         [ : ${SERVER_HOST_KEY_FILE="/.amanda"} ]
  92     )
  93     AC_MSG_RESULT($SERVER_HOST_KEY_FILE)
  94
  95     AC_MSG_CHECKING(client host principle)
  96     AC_ARG_WITH(client-principal,
  97         AS_HELP_STRING([ --with-client-principal=ARG],
  98             [client host principle ("rcmd")]),
  99         [
 100             case "$withval" in
 101                 "" | y | ye | yes | n | no)
 102                     AC_MSG_ERROR([*** You must supply an argument to the --with-client-principal option.])
 103                   ;;
 104                 *) CLIENT_HOST_PRINCIPAL="$withval" ;;
 105             esac
 106         ],
 107         [ : ${CLIENT_HOST_PRINCIPAL="rcmd"} ]
 108     )
 109     AC_MSG_RESULT($CLIENT_HOST_PRINCIPAL)
 110
 111     AC_MSG_CHECKING([client host instance])
 112     AC_ARG_WITH(client-instance,
 113         AS_HELP_STRING([ --with-client-instance=ARG],
 114             [client host instance (HOSTNAME_INSTANCE)]),
 115         [
 116             case "$withval" in
 117                 "" | y | ye | yes | n | no)
 118                     AC_MSG_ERROR([*** You must supply an argument to the --with-client-instance option.])
 119                   ;;
 120                 *) CLIENT_HOST_INSTANCE="$withval" ;;
 121             esac
 122         ],
 123         [ : ${CLIENT_HOST_INSTANCE=HOSTNAME_INSTANCE} ]
 124     )
 125     AC_MSG_RESULT($CLIENT_HOST_INSTANCE)
 126
 127     AC_MSG_CHECKING([client host key file])
 128     AC_ARG_WITH(client-keyfile,
 129         AS_HELP_STRING([ --with-client-keyfile=ARG],
 130             [client host key file (KEYFILE)]),
 131         [
 132             case "$withval" in
 133                 "" | y | ye | yes | n | no)
 134                     AC_MSG_ERROR([*** You must supply an argument to the --with-client-keyfile option.])
 135                   ;;
 136                 *) CLIENT_HOST_KEY_FILE="$withval" ;;
 137             esac
 138         ],
 139         [ : ${CLIENT_HOST_KEY_FILE=KEYFILE} ]
 140     )
 141     # Assume it's either KEYFILE (defined in krb.h), or a string filename...
 142     if test "x$CLIENT_HOST_KEY_FILE" != "xKEYFILE"; then
 143       # add quotes
 144       CLIENT_HOST_KEY_FILE="\"$CLIENT_HOST_KEY_FILE\""
 145     fi
 146     AC_MSG_RESULT($CLIENT_HOST_KEY_FILE)
 147
 148     AC_MSG_CHECKING([ticket lifetime])
 149     AC_ARG_WITH(ticket-lifetime,
 150         AS_HELP_STRING([ --ticket-lifetime],
 151             [ticket lifetime (128)]),
 152         [
 153             case "$withval" in
 154             "" | y | ye | yes | n | no)
 155                 AC_MSG_ERROR([*** You must supply an argument to the --with-ticket-lifetime option.])
 156               ;;
 157             *) TICKET_LIFETIME="$withval" ;;
 158             esac
 159         ],
 160         [ : ${TICKET_LIFETIME=128} ]
 161     )
 162     AC_MSG_RESULT($TICKET_LIFETIME)
 163
 164
 165     if test "x${KRB4_SECURITY}" = "xyes"; then
 166         AC_MSG_CHECKING(for Kerberos and Amanda kerberos4 bits)
 167         found="no"
 168         for dir in $KRB4_SPOTS; do
 169             if test \( -f ${dir}/lib/libkrb.a -o -f ${dir}/lib/libkrb.so \) -a \( -f ${dir}/lib/libdes.a -o -f ${dir}/lib/libdes.so \) ; then
 170                 #
 171                 # This is the original Kerberos 4.
 172                 #
 173                 AC_MSG_RESULT(found in $dir)
 174                 found="yes"
 175
 176                 #
 177                 # This handles BSD/OS.
 178                 #
 179                 if test -d $dir/include/kerberosIV ; then
 180                     AMANDA_ADD_CPPFLAGS([-I$dir/include/kerberosIV])
 181                 else
 182                     AMANDA_ADD_CPPFLAGS([-I$dir/include])
 183                 fi
 184                 AMANDA_ADD_LDFLAGS([-L$dir/lib])
 185                 AMANDA_ADD_LIBS([-lkrb -ldes])
 186                 if test -f ${dir}/lib/libcom_err.a; then
 187                     AMANDA_ADD_LIBS([-lcom_err])
 188                 fi
 189                 break
 190             elif test \( -f ${dir}/lib/libkrb4.a -o -f ${dir}/lib/libkrb4.so \) &&
 191                  test \( -f ${dir}/lib/libcrypto.a -o -f ${dir}/lib/libcrypto.so \) &&
 192                  test \( -f ${dir}/lib/libdes425.a -o -f ${dir}/lib/libdes425.so \) ; then
 193                 #
 194                 # This is Kerberos 5 with Kerberos 4 back-support.
 195                 #
 196                 AC_MSG_RESULT(found in $dir)
 197                 found="yes"
 198                 AMANDA_ADD_CPPFLAGS([-I$dir/include -I$dir/include/kerberosIV])
 199                 AMANDA_ADD_LDFLAGS([-L$dir/lib])
 200                 if test \( -f ${dir}/lib/libkrb5.a -o -f ${dir}/lib/libkrb5.so \) &&
 201                    test \( -f ${dir}/lib/libcom_err.a -o -f ${dir}/lib/libcom_err.so \) ; then
 202                     AMANDA_ADD_LIBS([-lkrb4 -lkrb5 -lcrypto -ldes425 -lcom_err])
 203                 else
 204                     AMANDA_ADD_LIBS([-lkrb4 -lcrypto -ldes425])
 205                 fi
 206                 break
 207             fi
 208         done
 209
 210         if test "x$found" = "xno" ; then
 211             AC_MSG_RESULT(no libraries found)
 212             AMANDA_MSG_WARN([No Kerberos IV libraries were found on your system; disabling krb4-security])
 213             KRB4_SECURITY="no"
 214         else
 215             AC_DEFINE(KRB4_SECURITY, 1,
 216                 [Enable Kerberos IV security.])
 217             AC_DEFINE_UNQUOTED(SERVER_HOST_PRINCIPAL,"$SERVER_HOST_PRINCIPAL",
 218                     [The Kerberos server principal. ])
 219             AC_DEFINE_UNQUOTED(SERVER_HOST_INSTANCE,"$SERVER_HOST_INSTANCE",
 220                     [The Kerberos server instance. ])
 221             AC_DEFINE_UNQUOTED(SERVER_HOST_KEY_FILE,"$SERVER_HOST_KEY_FILE",
 222                     [The Kerberos server key file. ])
 223             AC_DEFINE_UNQUOTED(CLIENT_HOST_PRINCIPAL,"$CLIENT_HOST_PRINCIPAL",
 224                     [The Kerberos client host principal. ])
 225             AC_DEFINE_UNQUOTED(CLIENT_HOST_INSTANCE,$CLIENT_HOST_INSTANCE,
 226                     [The Kerberos client host instance. ])
 227             AC_DEFINE_UNQUOTED(CLIENT_HOST_KEY_FILE,$CLIENT_HOST_KEY_FILE,
 228                     [The Kerberos client host key file. ])
 229             AC_DEFINE_UNQUOTED(TICKET_LIFETIME,$TICKET_LIFETIME,
 230                     [The Kerberos ticket lifetime. ])
 231         fi
 232     fi
 233     AM_CONDITIONAL(WANT_KRB4_SECURITY, test x"$KRB4_SECURITY" = x"yes")
 234 ])