]
)
+# Check whether the user wants GSI (Globus) support
+gsi_path="no"
+AC_ARG_WITH(gsi,
+ [ --with-gsi=PATH Enable GSI/Globus authentication support],
+ [
+ gsi_path="$withval"
+ ]
+)
+
+AC_ARG_WITH(globus,
+ [ --with-globus=PATH Enable GSI/Globus authentication support],
+ [
+ gsi_path="$withval"
+ ]
+)
+
+# Check whether the user has a Globus flavor type
+globus_flavor_type="no"
+AC_ARG_WITH(globus-flavor,
+ [ --with-globus-flavor=TYPE Describe Globus flavor type (ex: gcc32dbg, etc.)],
+ [
+ globus_flavor_type="$withval"
+ ]
+)
+
+if test "x$gsi_path" != "xno" ; then
+ # Globus GSSAPI configuration
+ AC_DEFINE(GSSAPI)
+ AC_DEFINE(GSI)
+
+ # Find GLOBUS/GSI installation Directory
+ AC_MSG_CHECKING(for Globus/GSI installation directory)
+
+ globus_install_dir=$gsi_path
+
+ if test "x$globus_install_dir" = "xyes" ; then
+ AC_MSG_ERROR(Cannot find Globus/GSI installation directory -- a path must be specified!)
+ fi
+ AC_MSG_RESULT($globus_install_dir)
+
+ # Find GLOBUS/GSI development directory
+ AC_MSG_CHECKING(for Globus/GSI development directory)
+
+ # Looks like a flat directory structure from configure/make
+ # and not globus-install or gsi-install
+ globus_dev_dir=$globus_install_dir
+ AC_MSG_RESULT($globus_dev_dir)
+
+ # Find GLOBUS/GSI flavor Directory
+ AC_MSG_CHECKING(for Globus flavor type)
+
+ if test "x$globus_flavor_type" = "xno" ; then
+ GSI_LIBS="-lglobus_gss_assist -lglobus_gss -lglobus_gaa"
+ GSI_LDFLAGS="-L${globus_dev_dir}/lib"
+ GSI_CFLAGS="-I${globus_dev_dir}/include"
+ AC_MSG_RESULT(none)
+ elif test "x$globus_flavor_type" = "xyes" ; then
+ AC_MSG_ERROR(No Globus flavor type specified)
+ else
+ globus_incl_dir="${globus_dev_dir}/include/${globus_flavor_type}"
+
+ if test ! -d "$globus_incl_dir" ; then
+ AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${globus_incl_dir})
+ fi
+
+ AC_MSG_RESULT($globus_flavor_type)
+
+ globus_lib_dir="${globus_dev_dir}/lib"
+
+ GSI_LIBS="-lglobus_gss_assist_${globus_flavor_type} -lglobus_gssapi_gsi_${globus_flavor_type}"
+ GSI_LDFLAGS="-L${globus_lib_dir}"
+ GSI_CFLAGS="-I${globus_incl_dir}"
+ fi
+
+ LIBS="$LIBS $GSI_LIBS"
+ LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
+ CFLAGS="$CFLAGS $GSI_CFLAGS"
+
+ #
+ # some systems don't compile in the path to the shared lib with the
+ # rest of the objects. to compensate, we set $LD_LIBRARY_PATH
+ # accordingly.
+ #
+
+ AC_MSG_CHECKING(whether to compensate linking with LD_LIBRARY_PATH)
+ AC_MSG_RESULT()
+
+ if test "x${LD_LIBRARY_PATH}" != "x" ; then
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:"
+ fi
+ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH${globus_lib_dir}"
+# End Globus/GSI section
+fi
+
# Check whether user wants S/Key support
SKEY_MSG="no"
AC_ARG_WITH(skey,
saved_LIBS="$LIBS"
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
+if test "x$globus_flavor_type" != "xno" ; then
+LIBS="$saved_LIBS -lglobus_ssl_utils_${globus_flavor_type} -lssl_${globus_flavor_type} -lcrypto_${globus_flavor_type}"
+LDFLAGS="$saved_LDFLAGS"
+CPPFLAGS="$saved_CPPFLAGS"
+else
if test "x$prefix" != "xNONE" ; then
tryssldir="$tryssldir $prefix"
fi
fi
fi
fi
+if test "x$gsi_path" == "xno" ; then
LIBS="$saved_LIBS -lcrypto"
+else
+LIBS="$saved_LIBS -lssl -lcrypto"
+fi
+fi # globus_flavor_type
# Now test RSA support
saved_LIBS="$LIBS"
]
)
-# Check whether user wants Kerberos support
+# Check whether user wants Kerberos 5 support
+AC_ARG_WITH(kerberos5,
+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ AC_DEFINE(KRB5)
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL)
+ K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+ ],
+ [ AC_MSG_RESULT(no)
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+ ]
+ )
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+ AC_CHECK_LIB(resolv, dn_expand, , )
+
+ AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ [ AC_DEFINE(GSSAPI)
+ K5LIBS="-lgssapi $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ [ AC_DEFINE(GSSAPI)
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
+ $K5LIBS)
+ ],
+ $K5LIBS)
+
+ AC_CHECK_HEADER(gssapi.h, ,
+ [ unset ac_cv_header_gssapi_h
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADERS(gssapi.h, ,
+ AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
+ )
+ ]
+ )
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADER(gssapi_krb5.h, ,
+ [ CPPFLAGS="$oldCPP" ])
+
+ KRB5=yes
+ fi
+ ]
+)
+# Check whether user wants Kerberos 4 support
KRB4_MSG="no"
AC_ARG_WITH(kerberos4,
[ --with-kerberos4=PATH Enable Kerberos 4 support],
fi
]
)
-LIBS="$LIBS $KLIBS"
+LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
AC_ARG_WITH(rsh,
[ case "$enableval" in
no)
AC_MSG_RESULT(no)
- SSHMODE=0711
+ SSHMODE=0755
+ # SSHMODE=0711
+ # ^- this is the old mode setting. is there a good reason for this? as a regular
+ # user, i can't load libraries with 711 perms when i'm not the owner
;;
*) AC_MSG_RESULT(yes)
- SSHMODE=4711
+ SSHMODE=4755
+ # SSHMODE=4711
+ # ^- this is the old mode setting. is there a good reason for this? as a regular
+ # user, i can't load libraries with 4711 perms when i'm not the owner
;;
esac ],
AC_MSG_RESULT(yes)
andersk / gssapi-openssh.git / commitdiff
