diff options
| author | fergus.henderson <fergushenderson@users.noreply.github.com> | 2009-07-23 02:16:18 +0000 |
|---|---|---|
| committer | fergus.henderson <fergushenderson@users.noreply.github.com> | 2009-07-23 02:16:18 +0000 |
| commit | 8a5f0e583a3593803c41ef0719d78e79c38cbcec (patch) | |
| tree | f7f781c1b4a4e47775b6b692b7b4e148fa79ea8d /configure.ac | |
| parent | 12f786698f9be16fc9d0b76373665c87ab5df5ac (diff) | |
| download | distcc-git-8a5f0e583a3593803c41ef0719d78e79c38cbcec.tar.gz | |
Apply patch from Ian.Baker@cern.ch:
Optional GSS-API Functionality.
This patch implements mutual authentication, out of sequence and
replay detection using the GSS-API. The changes implemented are
optional and are turned off by default.
This option is specified to the client through an environment variable
as is the name of the server principal to authenticate. Currently
the server principal can be left unspecified and a default based on
the host keytab will be used.
This option is specified to the daemon through a command line option,
with the name of the principal whose credentials the daemon should
use specified as an environment variable. A simple handshake is
exchanged between the client and server in order to prevent
unecessary delays and protocol derailments when mixing authenticating
and non-authenticating clients and servers.
Revised based on review comments.
GSS-API authentication is now implemented as a per host option.
Revised further by me (Fergus Henderson) to fix a spelling error
and to rename the per host option from ",gssapi" to ",auth".
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 757dbe3..fab20b4 100644 --- a/configure.ac +++ b/configure.ac @@ -491,6 +491,32 @@ if test x"$with_avahi" != xno; then AC_SUBST(ZEROCONF_DISTCCD_OBJS) fi +AUTH_COMMON_OBJS="" +AUTH_DISTCC_OBJS="" +AUTH_DISTCCD_OBJS="" + +#check for GSS-API +AC_ARG_WITH([auth], + [AS_HELP_STRING([--with-auth], + [provide mutual authentication services via the GSS-API])]) + +if test x"$with_auth" = xyes; then + AC_SEARCH_LIBS([gss_init_sec_context], + [gssapi gssapi_krb5], + AC_DEFINE(HAVE_GSSAPI, 1, [Define if the GSS_API is available]) + AUTH_COMMON_OBJS="src/auth_common.o" + AUTH_DISTCC_OBJS="src/auth_distcc.o" + AUTH_DISTCCD_OBJS="src/auth_distccd.o", + AC_MSG_FAILURE([--with-auth was given but no GSS-API library found]) + AUTH_COMMON_OBJS="" + AUTH_DISTCC_OBJS="" + AUTH_DISTCCD_OBJS="") +fi + +AC_SUBST(AUTH_COMMON_OBJS) +AC_SUBST(AUTH_DISTCC_OBJS) +AC_SUBST(AUTH_DISTCCD_OBJS) + ACX_PTHREAD LIBS="$PTHREAD_LIBS $LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" |