summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-03-29 08:24:03 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:20 -0500
commit7cabdeb7ec84c7c0b3e9b907e19f4e240b7fc4ca (patch)
tree39fb9a70a787facf6bc48e58dbc821c7e5b2de84
parentd15845eb813a2667dfc857d68dc3bf6b262ff496 (diff)
downloadsamba-7cabdeb7ec84c7c0b3e9b907e19f4e240b7fc4ca.tar.gz
samba-7cabdeb7ec84c7c0b3e9b907e19f4e240b7fc4ca.tar.bz2
samba-7cabdeb7ec84c7c0b3e9b907e19f4e240b7fc4ca.zip
r6113: Move GENSEC and the kerberos code out of libcli/auth, and into
auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
-rw-r--r--source4/auth/auth.h6
-rw-r--r--source4/auth/gensec/gensec.c (renamed from source4/libcli/auth/gensec.c)0
-rw-r--r--source4/auth/gensec/gensec.h (renamed from source4/libcli/auth/gensec.h)0
-rw-r--r--source4/auth/gensec/gensec.m4 (renamed from source4/libcli/auth/gensec.m4)2
-rw-r--r--source4/auth/gensec/gensec.mk (renamed from source4/libcli/auth/gensec.mk)33
-rw-r--r--source4/auth/gensec/gensec_gssapi.c (renamed from source4/libcli/auth/gensec_gssapi.c)0
-rw-r--r--source4/auth/gensec/gensec_gsskrb5.c (renamed from source4/libcli/auth/gensec_gsskrb5.c)0
-rw-r--r--source4/auth/gensec/gensec_krb5.c (renamed from source4/libcli/auth/gensec_krb5.c)2
-rw-r--r--source4/auth/gensec/gensec_ntlmssp.c (renamed from source4/libcli/auth/gensec_ntlmssp.c)0
-rw-r--r--source4/auth/gensec/ntlmssp.c (renamed from source4/libcli/auth/ntlmssp.c)0
-rw-r--r--source4/auth/gensec/ntlmssp.h (renamed from source4/libcli/auth/ntlmssp.h)0
-rw-r--r--source4/auth/gensec/ntlmssp_parse.c (renamed from source4/libcli/auth/ntlmssp_parse.c)0
-rw-r--r--source4/auth/gensec/ntlmssp_sign.c (renamed from source4/libcli/auth/ntlmssp_sign.c)0
-rw-r--r--source4/auth/gensec/schannel.c (renamed from source4/libcli/auth/schannel.c)2
-rw-r--r--source4/auth/gensec/schannel.h (renamed from source4/libcli/auth/schannel.h)0
-rw-r--r--source4/auth/gensec/schannel_sign.c (renamed from source4/libcli/auth/schannel_sign.c)5
-rw-r--r--source4/auth/gensec/schannel_state.c (renamed from source4/libcli/auth/schannel_state.c)0
-rw-r--r--source4/auth/gensec/spnego.c (renamed from source4/libcli/auth/spnego.c)0
-rw-r--r--source4/auth/gensec/spnego.h (renamed from source4/libcli/auth/spnego.h)0
-rw-r--r--source4/auth/gensec/spnego_parse.c (renamed from source4/libcli/auth/spnego_parse.c)0
-rw-r--r--source4/auth/kerberos/clikrb5.c (renamed from source4/libcli/auth/clikrb5.c)2
-rw-r--r--source4/auth/kerberos/gssapi_parse.c (renamed from source4/libcli/auth/gssapi_parse.c)2
-rw-r--r--source4/auth/kerberos/kerberos.c (renamed from source4/libcli/auth/kerberos.c)2
-rw-r--r--source4/auth/kerberos/kerberos.h (renamed from source4/libcli/auth/kerberos.h)0
-rw-r--r--source4/auth/kerberos/kerberos.m4491
-rw-r--r--source4/auth/kerberos/kerberos.mk10
-rw-r--r--source4/auth/kerberos/kerberos_verify.c (renamed from source4/libcli/auth/kerberos_verify.c)2
-rw-r--r--source4/build/smb_build/main.pm3
-rw-r--r--source4/configure.in3
-rw-r--r--source4/libads/config.m4490
30 files changed, 531 insertions, 524 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 425410e088..a9f6b8eac5 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -22,10 +22,10 @@
#ifndef _SAMBA_AUTH_H
#define _SAMBA_AUTH_H
-#include "libcli/auth/ntlmssp.h"
+#include "auth/gensec/ntlmssp.h"
#include "libcli/auth/credentials.h"
-#include "libcli/auth/gensec.h"
-#include "libcli/auth/spnego.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/spnego.h"
/* modules can use the following to determine if the interface has changed
* please increment the version number after each interface change
diff --git a/source4/libcli/auth/gensec.c b/source4/auth/gensec/gensec.c
index cc7327187c..cc7327187c 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/auth/gensec/gensec.c
diff --git a/source4/libcli/auth/gensec.h b/source4/auth/gensec/gensec.h
index 91c817d48a..91c817d48a 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/auth/gensec/gensec.h
diff --git a/source4/libcli/auth/gensec.m4 b/source4/auth/gensec/gensec.m4
index 6ccf45ad7e..1af0a1d9c8 100644
--- a/source4/libcli/auth/gensec.m4
+++ b/source4/auth/gensec/gensec.m4
@@ -3,7 +3,7 @@ SMB_MODULE_DEFAULT(gensec_gssapi, NOT)
SMB_MODULE_DEFAULT(gensec_gsskrb5, NOT)
if test x"$SMB_EXT_LIB_ENABLE_KRB5" = x"YES"; then
- # enable this when krb5 is fully working
+ # krb5 is now disabled at runtime, not build time
SMB_MODULE_DEFAULT(gensec_krb5, STATIC)
SMB_MODULE_DEFAULT(gensec_gssapi, STATIC)
if test x"$samba_cv_GSS_C_DCE_STYLE" = x"yes"; then
diff --git a/source4/libcli/auth/gensec.mk b/source4/auth/gensec/gensec.mk
index b4c612da14..8ed6f7c840 100644
--- a/source4/libcli/auth/gensec.mk
+++ b/source4/auth/gensec/gensec.mk
@@ -2,7 +2,7 @@
# Start SUBSYSTEM GENSEC
[SUBSYSTEM::GENSEC]
INIT_FUNCTION = gensec_init
-INIT_OBJ_FILES = libcli/auth/gensec.o
+INIT_OBJ_FILES = auth/gensec/gensec.o
REQUIRED_SUBSYSTEMS = \
SCHANNELDB
# End SUBSYSTEM GENSEC
@@ -13,13 +13,8 @@ REQUIRED_SUBSYSTEMS = \
[MODULE::gensec_krb5]
SUBSYSTEM = GENSEC
INIT_FUNCTION = gensec_krb5_init
-INIT_OBJ_FILES = libcli/auth/gensec_krb5.o
-ADD_OBJ_FILES = \
- libcli/auth/clikrb5.o \
- libcli/auth/kerberos.o \
- libcli/auth/kerberos_verify.o \
- libcli/auth/gssapi_parse.o
-REQUIRED_SUBSYSTEMS = NDR_KRB5PAC EXT_LIB_KRB5
+INIT_OBJ_FILES = auth/gensec/gensec_krb5.o
+REQUIRED_SUBSYSTEMS = NDR_KRB5PAC KERBEROS EXT_LIB_KRB5
# End MODULE gensec_krb5
################################################
@@ -28,7 +23,7 @@ REQUIRED_SUBSYSTEMS = NDR_KRB5PAC EXT_LIB_KRB5
[MODULE::gensec_gssapi]
SUBSYSTEM = GENSEC
INIT_FUNCTION = gensec_gssapi_init
-INIT_OBJ_FILES = libcli/auth/gensec_gssapi.o
+INIT_OBJ_FILES = auth/gensec/gensec_gssapi.o
REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
# End MODULE gensec_gssapi
################################################
@@ -38,7 +33,7 @@ REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
[MODULE::gensec_gsskrb5]
SUBSYSTEM = GENSEC
INIT_FUNCTION = gensec_gsskrb5_init
-INIT_OBJ_FILES = libcli/auth/gensec_gsskrb5.o
+INIT_OBJ_FILES = auth/gensec/gensec_gsskrb5.o
REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
# End MODULE gensec_gsskrb5
################################################
@@ -48,9 +43,9 @@ REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
[MODULE::gensec_spnego]
SUBSYSTEM = GENSEC
INIT_FUNCTION = gensec_spnego_init
-INIT_OBJ_FILES = libcli/auth/spnego.o
+INIT_OBJ_FILES = auth/gensec/spnego.o
ADD_OBJ_FILES = \
- libcli/auth/spnego_parse.o
+ auth/gensec/spnego_parse.o
# End MODULE gensec_spnego
################################################
@@ -59,11 +54,11 @@ ADD_OBJ_FILES = \
[MODULE::gensec_ntlmssp]
SUBSYSTEM = GENSEC
INIT_FUNCTION = gensec_ntlmssp_init
-INIT_OBJ_FILES = libcli/auth/gensec_ntlmssp.o
+INIT_OBJ_FILES = auth/gensec/gensec_ntlmssp.o
ADD_OBJ_FILES = \
- libcli/auth/ntlmssp.o \
- libcli/auth/ntlmssp_parse.o \
- libcli/auth/ntlmssp_sign.o
+ auth/gensec/ntlmssp.o \
+ auth/gensec/ntlmssp_parse.o \
+ auth/gensec/ntlmssp_sign.o
REQUIRED_SUBSYSTEMS = AUTH
# End MODULE gensec_ntlmssp
################################################
@@ -73,9 +68,9 @@ REQUIRED_SUBSYSTEMS = AUTH
[MODULE::gensec_schannel]
SUBSYSTEM = GENSEC
INIT_FUNCTION = gensec_schannel_init
-INIT_OBJ_FILES = libcli/auth/schannel.o
+INIT_OBJ_FILES = auth/gensec/schannel.o
ADD_OBJ_FILES = \
- libcli/auth/schannel_sign.o
+ auth/gensec/schannel_sign.o
REQUIRED_SUBSYSTEMS = AUTH SCHANNELDB
# End MODULE gensec_ntlmssp
################################################
@@ -84,7 +79,7 @@ REQUIRED_SUBSYSTEMS = AUTH SCHANNELDB
# Start SUBSYSTEM SCHANNELDB
[SUBSYSTEM::SCHANNELDB]
INIT_OBJ_FILES = \
- libcli/auth/schannel_state.o
+ auth/gensec/schannel_state.o
#
# End SUBSYSTEM SCHANNELDB
################################################
diff --git a/source4/libcli/auth/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index c974b93952..c974b93952 100644
--- a/source4/libcli/auth/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
diff --git a/source4/libcli/auth/gensec_gsskrb5.c b/source4/auth/gensec/gensec_gsskrb5.c
index 77e077276b..77e077276b 100644
--- a/source4/libcli/auth/gensec_gsskrb5.c
+++ b/source4/auth/gensec/gensec_gsskrb5.c
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 453485d816..bad143f3c8 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -27,7 +27,7 @@
#include "includes.h"
#include "system/kerberos.h"
#include "system/time.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "auth/auth.h"
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/auth/gensec/gensec_ntlmssp.c
index 5955904886..5955904886 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/auth/gensec/gensec_ntlmssp.c
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/auth/gensec/ntlmssp.c
index 37374d9d39..37374d9d39 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/auth/gensec/ntlmssp.c
diff --git a/source4/libcli/auth/ntlmssp.h b/source4/auth/gensec/ntlmssp.h
index e17c133c8b..e17c133c8b 100644
--- a/source4/libcli/auth/ntlmssp.h
+++ b/source4/auth/gensec/ntlmssp.h
diff --git a/source4/libcli/auth/ntlmssp_parse.c b/source4/auth/gensec/ntlmssp_parse.c
index 42546cb130..42546cb130 100644
--- a/source4/libcli/auth/ntlmssp_parse.c
+++ b/source4/auth/gensec/ntlmssp_parse.c
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/auth/gensec/ntlmssp_sign.c
index 347a85da77..347a85da77 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/auth/gensec/ntlmssp_sign.c
diff --git a/source4/libcli/auth/schannel.c b/source4/auth/gensec/schannel.c
index 3dbf10580b..0657de27d9 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -24,7 +24,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_schannel.h"
#include "auth/auth.h"
-#include "libcli/auth/schannel.h"
+#include "auth/gensec/schannel.h"
static size_t schannel_sig_size(struct gensec_security *gensec_security)
{
diff --git a/source4/libcli/auth/schannel.h b/source4/auth/gensec/schannel.h
index c109387c7c..c109387c7c 100644
--- a/source4/libcli/auth/schannel.h
+++ b/source4/auth/gensec/schannel.h
diff --git a/source4/libcli/auth/schannel_sign.c b/source4/auth/gensec/schannel_sign.c
index 3b493bd0d3..493b26f6c0 100644
--- a/source4/libcli/auth/schannel_sign.c
+++ b/source4/auth/gensec/schannel_sign.c
@@ -23,9 +23,8 @@
#include "includes.h"
#include "lib/crypto/crypto.h"
-#include "libcli/auth/schannel.h"
-#include "libcli/auth/gensec.h"
-#include "libcli/auth/credentials.h"
+#include "auth/auth.h"
+#include "auth/gensec/schannel.h"
#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
diff --git a/source4/libcli/auth/schannel_state.c b/source4/auth/gensec/schannel_state.c
index b2d632a1f0..b2d632a1f0 100644
--- a/source4/libcli/auth/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
diff --git a/source4/libcli/auth/spnego.c b/source4/auth/gensec/spnego.c
index f5a091cd78..f5a091cd78 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/auth/gensec/spnego.c
diff --git a/source4/libcli/auth/spnego.h b/source4/auth/gensec/spnego.h
index 1064370146..1064370146 100644
--- a/source4/libcli/auth/spnego.h
+++ b/source4/auth/gensec/spnego.h
diff --git a/source4/libcli/auth/spnego_parse.c b/source4/auth/gensec/spnego_parse.c
index e48c32f0da..e48c32f0da 100644
--- a/source4/libcli/auth/spnego_parse.c
+++ b/source4/auth/gensec/spnego_parse.c
diff --git a/source4/libcli/auth/clikrb5.c b/source4/auth/kerberos/clikrb5.c
index b7bd710304..ec8f60fbb3 100644
--- a/source4/libcli/auth/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@@ -23,7 +23,7 @@
#include "system/network.h"
#include "system/kerberos.h"
#include "system/time.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
#ifdef HAVE_KRB5
diff --git a/source4/libcli/auth/gssapi_parse.c b/source4/auth/kerberos/gssapi_parse.c
index 89929c8c6d..2c2c4e17e5 100644
--- a/source4/libcli/auth/gssapi_parse.c
+++ b/source4/auth/kerberos/gssapi_parse.c
@@ -25,7 +25,7 @@
#include "includes.h"
#include "asn_1.h"
#include "system/kerberos.h"
-#include "libcli/auth/gensec.h"
+#include "auth/gensec/gensec.h"
/*
generate a krb5 GSS-API wrapper packet given a ticket
diff --git a/source4/libcli/auth/kerberos.c b/source4/auth/kerberos/kerberos.c
index 89b4108280..98b530e7cf 100644
--- a/source4/libcli/auth/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -25,7 +25,7 @@
#include "includes.h"
#include "system/kerberos.h"
#include "system/time.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
#include "secrets.h"
#include "pstring.h"
#include "ads.h"
diff --git a/source4/libcli/auth/kerberos.h b/source4/auth/kerberos/kerberos.h
index 4daf0ea07a..4daf0ea07a 100644
--- a/source4/libcli/auth/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
diff --git a/source4/auth/kerberos/kerberos.m4 b/source4/auth/kerberos/kerberos.m4
new file mode 100644
index 0000000000..f18386a91a
--- /dev/null
+++ b/source4/auth/kerberos/kerberos.m4
@@ -0,0 +1,491 @@
+#################################################
+# KRB5 support
+KRB5_CFLAGS=""
+KRB5_CPPFLAGS=""
+KRB5_LDFLAGS=""
+KRB5_LIBS=""
+with_krb5_support=auto
+krb5_withval=auto
+AC_MSG_CHECKING([for KRB5 support])
+
+# Do no harm to the values of CFLAGS and LIBS while testing for
+# Kerberos support.
+AC_ARG_WITH(krb5,
+[ --with-krb5=base-dir Locate Kerberos 5 support (default=auto)],
+ [ case "$withval" in
+ no)
+ with_krb5_support=no
+ AC_MSG_RESULT(no)
+ krb5_withval=no
+ ;;
+ yes)
+ with_krb5_support=yes
+ AC_MSG_RESULT(yes)
+ krb5_withval=yes
+ ;;
+ auto)
+ with_krb5_support=auto
+ AC_MSG_RESULT(auto)
+ krb5_withval=auto
+ ;;
+ *)
+ with_krb5_support=yes
+ AC_MSG_RESULT(yes)
+ krb5_withval=$withval
+ KRB5CONFIG="$krb5_withval/bin/krb5-config"
+ ;;
+ esac ],
+ AC_MSG_RESULT($with_krb5_support)
+)
+
+if test x$with_krb5_support != x"no"; then
+ FOUND_KRB5=no
+ FOUND_KRB5_VIA_CONFIG=no
+
+ #################################################
+ # check for krb5-config from recent MIT and Heimdal kerberos 5
+ AC_MSG_CHECKING(for working specified location for krb5-config)
+ if test x$KRB5CONFIG != "x"; then
+ if test -x "$KRB5CONFIG"; then
+ ac_save_CFLAGS=$CFLAGS
+ CFLAGS="";export CFLAGS
+ ac_save_LDFLAGS=$LDFLAGS
+ LDFLAGS="";export LDFLAGS
+ KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
+ KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
+ KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
+ CFLAGS=$ac_save_CFLAGS;export CFLAGS
+ LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
+ FOUND_KRB5=yes
+ FOUND_KRB5_VIA_CONFIG=yes
+ AC_MSG_RESULT(yes. Found $KRB5CONFIG)
+ else
+ AC_MSG_RESULT(no. Fallback to specified directory)
+ fi
+ else
+ AC_MSG_RESULT(no. Fallback to finding krb5-config in path)
+ #################################################
+ # check for krb5-config from recent MIT and Heimdal kerberos 5
+ AC_PATH_PROG(KRB5CONFIG, krb5-config)
+ AC_MSG_CHECKING(for working krb5-config in path)
+ if test -x "$KRB5CONFIG"; then
+ ac_save_CFLAGS=$CFLAGS
+ CFLAGS="";export CFLAGS
+ ac_save_LDFLAGS=$LDFLAGS
+ LDFLAGS="";export LDFLAGS
+ KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
+ KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
+ KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
+ CFLAGS=$ac_save_CFLAGS;export CFLAGS
+ LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
+ FOUND_KRB5=yes
+ FOUND_KRB5_VIA_CONFIG=yes
+ AC_MSG_RESULT(yes. Found $KRB5CONFIG)
+ else
+ AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy)
+ fi
+ fi
+
+ if test x$FOUND_KRB5 != x"yes"; then
+ #################################################
+ # check for location of Kerberos 5 install
+ AC_MSG_CHECKING(for kerberos 5 install path)
+ case "$krb5_withval" in
+ no)
+ AC_MSG_RESULT(no krb5-path given)
+ ;;
+ yes)
+ AC_MSG_RESULT(/usr)
+ FOUND_KRB5=yes
+ ;;
+ *)
+ AC_MSG_RESULT($krb5_withval)
+ KRB5_CFLAGS="-I$krb5_withval/include"
+ KRB5_CPPFLAGS="-I$krb5_withval/include"
+ KRB5_LDFLAGS="-L$krb5_withval/lib"
+ FOUND_KRB5=yes
+ ;;
+ esac
+ fi
+
+ if test x$FOUND_KRB5 != x"yes"; then
+ #################################################
+ # see if this box has the SuSE location for the heimdal krb implementation
+ AC_MSG_CHECKING(for /usr/include/heimdal)
+ if test -d /usr/include/heimdal; then
+ if test -f /usr/lib/heimdal/lib/libkrb5.a; then
+ KRB5_CFLAGS="-I/usr/include/heimdal"
+ KRB5_CPPFLAGS="-I/usr/include/heimdal"
+ KRB5_LDFLAGS="-L/usr/lib/heimdal/lib"
+ AC_MSG_RESULT(yes)
+ else
+ KRB5_CFLAGS="-I/usr/include/heimdal"
+ KRB5_CPPFLAGS="-I/usr/include/heimdal"
+ AC_MSG_RESULT(yes)
+ fi
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+
+ if test x$FOUND_KRB5 != x"yes"; then
+ #################################################
+ # see if this box has the RedHat location for kerberos
+ AC_MSG_CHECKING(for /usr/kerberos)
+ if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
+ KRB5_LDFLAGS="-L/usr/kerberos/lib"
+ KRB5_CFLAGS="-I/usr/kerberos/include"
+ KRB5_CPPFLAGS="-I/usr/kerberos/include"
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+
+ ac_save_CFLAGS=$CFLAGS
+ ac_save_CPPFLAGS=$CPPFLAGS
+ ac_save_LDFLAGS=$LDFLAGS
+
+ #MIT needs this, to let us see 'internal' parts of the headers we use
+ KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED"
+
+ #Heimdal needs this
+ #TODO: we need to parse KRB5_LIBS for -L path
+ # and set -Wl,-rpath -Wl,path
+
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
+ LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
+
+ KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS"
+
+ # now check for krb5.h. Some systems have the libraries without the headers!
+ # note that this check is done here to allow for different kerberos
+ # include paths
+ AC_CHECK_HEADERS(krb5.h)
+
+ if test x"$ac_cv_header_krb5_h" = x"no"; then
+ # Give a warning if KRB5 support was not explicitly requested,
+ # i.e with_krb5_support = auto, otherwise die with an error.
+ if test x"$with_krb5_support" = x"yes"; then
+ AC_MSG_ERROR([KRB5 cannot be supported without krb5.h])
+ else
+ AC_MSG_WARN([KRB5 cannot be supported without krb5.h])
+ fi
+ # Turn off AD support and restore CFLAGS and LIBS variables
+ with_krb5_support="no"
+ fi
+
+ CFLAGS=$ac_save_CFLAGS
+ CPPFLAGS=$ac_save_CPPFLAGS
+ LDFLAGS=$ac_save_LDFLAGS
+fi
+
+# Now we have determined whether we really want KRB5 support
+
+if test x"$with_krb5_support" != x"no"; then
+ ac_save_CFLAGS=$CFLAGS
+ ac_save_CPPFLAGS=$CPPFLAGS
+ ac_save_LDFLAGS=$LDFLAGS
+ ac_save_LIBS=$LIBS
+
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
+ LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
+
+ # now check for gssapi headers. This is also done here to allow for
+ # different kerberos include paths
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
+
+ ##################################################################
+ # we might need the k5crypto and com_err libraries on some systems
+ AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
+ AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
+
+ # Heimdal checks.
+ # But only if we didn't have a krb5-config to tell us this already
+ if test x"$FOUND_KRB5_VIA_CONFIG" != x"yes"; then
+ AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key)
+ AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator)
+ AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec)
+ fi
+
+ # Heimdal checks. On static Heimdal gssapi must be linked before krb5.
+ AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[],
+ AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
+
+ ########################################################
+ # now see if we can find the krb5 libs in standard paths
+ # or as specified above
+ AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended)
+ AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare)
+
+ ########################################################
+ # now see if we can find the gssapi libs in standard paths
+ if test x"$ac_cv_lib_ext_gssapi_gss_display_status" != x"yes"; then
+ AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],
+ AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
+ fi
+
+ AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_c_enctype_compare, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS)
+
+ LIBS="$LIBS $KRB5_LIBS"
+
+ AC_CACHE_CHECK([for krb5_encrypt_block type],
+ samba_cv_HAVE_KRB5_ENCRYPT_BLOCK,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_encrypt_block block;],
+ samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=yes,
+ samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_ENCRYPT_BLOCK" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_ENCRYPT_BLOCK,1,
+ [Whether the type krb5_encrypt_block exists])
+ fi
+
+ AC_CACHE_CHECK([for addrtype in krb5_address],
+ samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],
+ samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes,
+ samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)])
+ if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then
+ AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1,
+ [Whether the krb5_address struct has a addrtype property])
+ fi
+
+ AC_CACHE_CHECK([for addr_type in krb5_address],
+ samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;],
+ samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes,
+ samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)])
+ if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
+ AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,
+ [Whether the krb5_address struct has a addr_type property])
+ fi
+
+ AC_CACHE_CHECK([for enc_part2 in krb5_ticket],
+ samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
+ samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,
+ samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
+ if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,
+ [Whether the krb5_ticket struct has a enc_part2 property])
+ fi
+
+ AC_CACHE_CHECK([for keyblock in krb5_creds],
+ samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_creds creds; krb5_keyblock kb; creds.keyblock = kb;],
+ samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=yes,
+ samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_KEYBLOCK_IN_CREDS,1,
+ [Whether the krb5_creds struct has a keyblock property])
+ fi
+
+ AC_CACHE_CHECK([for session in krb5_creds],
+ samba_cv_HAVE_KRB5_SESSION_IN_CREDS,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_creds creds; krb5_keyblock kb; creds.session = kb;],
+ samba_cv_HAVE_KRB5_SESSION_IN_CREDS=yes,
+ samba_cv_HAVE_KRB5_SESSION_IN_CREDS=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_SESSION_IN_CREDS" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_SESSION_IN_CREDS,1,
+ [Whether the krb5_creds struct has a session property])
+ fi
+
+ AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
+ samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_keyblock key; key.keyvalue.data = NULL;],
+ samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes,
+ samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)])
+ if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
+ [Whether the krb5_keyblock struct has a keyvalue property])
+ fi
+
+ AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;],
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes,
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)])
+ AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56],
+ samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;],
+ samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes,
+ samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)])
+ # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken
+ # w.r.t. arcfour and windows, so we must not enable it here
+ if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\
+ x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then
+ AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
+ [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
+ fi
+
+ AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
+ samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;],
+ samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes,
+ samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)])
+ if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then
+ AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1,
+ [Whether the AP_OPTS_USE_SUBKEY ap option is available])
+ fi
+
+ AC_CACHE_CHECK([for KV5M_KEYTAB],
+ samba_cv_HAVE_KV5M_KEYTAB,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;],
+ samba_cv_HAVE_KV5M_KEYTAB=yes,
+ samba_cv_HAVE_KV5M_KEYTAB=no)])
+ if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then
+ AC_DEFINE(HAVE_KV5M_KEYTAB,1,
+ [Whether the KV5M_KEYTAB option is available])
+ fi
+
+ AC_CACHE_CHECK([for the krb5_princ_component macro],
+ samba_cv_HAVE_KRB5_PRINC_COMPONENT,[
+ AC_TRY_LINK([#include <krb5.h>],
+ [const krb5_data *pkdata; krb5_context context; krb5_principal principal;
+ pkdata = krb5_princ_component(context, principal, 0);],
+ samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes,
+ samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)])
+ if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1,
+ [Whether krb5_princ_component is available])
+ fi
+
+ AC_CACHE_CHECK([for key in krb5_keytab_entry],
+ samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;],
+ samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes,
+ samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)])
+ if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1,
+ [Whether krb5_keytab_entry has key member])
+ fi
+
+ AC_CACHE_CHECK([for keyblock in krb5_keytab_entry],
+ samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_keytab_entry entry; entry.keyblock.keytype = 0;],
+ samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes,
+ samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)])
+ if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1,
+ [Whether krb5_keytab_entry has keyblock member])
+ fi
+
+ AC_CACHE_CHECK([for WRFILE: keytab support],
+ samba_cv_HAVE_WRFILE_KEYTAB,[
+ AC_TRY_RUN([
+ #include<krb5.h>
+ main()
+ {
+ krb5_context context;
+ krb5_keytab keytab;
+ krb5_init_context(&context);
+ return krb5_kt_resolve(context, "WRFILE:api", &keytab);
+ }],
+ samba_cv_HAVE_WRFILE_KEYTAB=yes,
+ samba_cv_HAVE_WRFILE_KEYTAB=no)])
+ if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then
+ AC_DEFINE(HAVE_WRFILE_KEYTAB,1,
+ [Whether the WRFILE:-keytab is supported])
+ fi
+
+ AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data],
+ samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_context context;krb5_principal principal;krb5_realm realm;
+ realm = *krb5_princ_realm(context, principal);],
+ samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes,
+ samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)])
+ if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then
+ AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1,
+ [Whether krb5_princ_realm returns krb5_realm or krb5_data])
+ fi
+
+ # TODO: check all gssapi headers for this
+ AC_CACHE_CHECK([for GSS_C_DCE_STYLE in gssapi.h],
+ samba_cv_GSS_C_DCE_STYLE,[
+ AC_TRY_COMPILE([#include <gssapi.h>],
+ [int flags = GSS_C_DCE_STYLE;],
+ samba_cv_GSS_C_DCE_STYLE=yes,
+ samba_cv_GSS_C_DCE_STYLE=no)])
+
+ if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
+ AC_MSG_CHECKING(whether KRB5 support is used)
+ SMB_EXT_LIB_ENABLE(KRB5,YES)
+ AC_MSG_RESULT(yes)
+ echo "KRB5_CFLAGS: ${KRB5_CFLAGS}"
+ echo "KRB5_CPPFLAGS: ${KRB5_CPPFLAGS}"
+ echo "KRB5_LDFLAGS: ${KRB5_LDFLAGS}"
+ echo "KRB5_LIBS: ${KRB5_LIBS}"
+ else
+ if test x"$with_krb5_support" = x"yes"; then
+ AC_MSG_ERROR(a working krb5 library is needed for KRB5 support)
+ else
+ AC_MSG_WARN(a working krb5 library is needed for KRB5 support)
+ fi
+ KRB5_CFLAGS=""
+ KRB5_CPPFLAGS=""
+ KRB5_LDFLAGS=""
+ KRB5_LIBS=""
+ with_krb5_support=no
+ fi
+
+ CFLAGS=$ac_save_CFLAGS
+ CPPFLAGS=$ac_save_CPPFLAGS
+ LDFLAGS=$ac_save_LDFLAGS
+ LIBS="$ac_save_LIBS"
+
+ # as a nasty hack add the krb5 stuff to the global vars,
+ # at some point this should not be needed anymore when the build system
+ # can handle that alone
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
+ LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
+fi
+
+SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])
+
diff --git a/source4/auth/kerberos/kerberos.mk b/source4/auth/kerberos/kerberos.mk
new file mode 100644
index 0000000000..a43e6bb517
--- /dev/null
+++ b/source4/auth/kerberos/kerberos.mk
@@ -0,0 +1,10 @@
+#################################
+# Start SUBSYSTEM KERBEROS
+[SUBSYSTEM::KERBEROS]
+INIT_OBJ_FILES = auth/kerberos/kerberos.o
+ADD_OBJ_FILES = \
+ auth/kerberos/clikrb5.o \
+ auth/kerberos/kerberos_verify.o \
+ auth/kerberos/gssapi_parse.o
+# End SUBSYSTEM KERBEROS
+#################################
diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/auth/kerberos/kerberos_verify.c
index a1dfe1056e..3188e603cd 100644
--- a/source4/libcli/auth/kerberos_verify.c
+++ b/source4/auth/kerberos/kerberos_verify.c
@@ -25,7 +25,7 @@
#include "includes.h"
#include "system/kerberos.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
#include "asn_1.h"
#include "lib/ldb/include/ldb.h"
#include "secrets.h"
diff --git a/source4/build/smb_build/main.pm b/source4/build/smb_build/main.pm
index 381c548ac1..1dee5be910 100644
--- a/source4/build/smb_build/main.pm
+++ b/source4/build/smb_build/main.pm
@@ -44,7 +44,8 @@ sub smb_build_main($)
"ldap_server/config.mk",
"winbind/config.mk",
"nbt_server/config.mk",
- "libcli/auth/gensec.mk",
+ "auth/gensec/gensec.mk",
+ "auth/kerberos/kerberos.mk",
"libcli/auth/config.mk",
"libcli/ldap/config.mk",
"libcli/config.mk",
diff --git a/source4/configure.in b/source4/configure.in
index 366f038030..4b49591589 100644
--- a/source4/configure.in
+++ b/source4/configure.in
@@ -20,7 +20,8 @@ SMB_INCLUDE_M4(lib/ldb/config.m4)
SMB_INCLUDE_M4(lib/events/config.m4)
SMB_INCLUDE_M4(lib/cmdline/config.m4)
SMB_INCLUDE_M4(param/config.m4)
-SMB_INCLUDE_M4(libcli/auth/gensec.m4)
+SMB_INCLUDE_M4(auth/kerberos/kerberos.m4)
+SMB_INCLUDE_M4(auth/gensec/gensec.m4)
SMB_INCLUDE_M4(libcli/config.m4)
SMB_INCLUDE_M4(librpc/config.m4)
SMB_INCLUDE_M4(smbd/process_model.m4)
diff --git a/source4/libads/config.m4 b/source4/libads/config.m4
index 8c27dba49e..a9e3fb5678 100644
--- a/source4/libads/config.m4
+++ b/source4/libads/config.m4
@@ -86,494 +86,4 @@ if test x"$with_ldap_support" != x"no"; then
LIBS=$ac_save_LIBS
fi
-#################################################
-# KRB5 support
-KRB5_CFLAGS=""
-KRB5_CPPFLAGS=""
-KRB5_LDFLAGS=""
-KRB5_LIBS=""
-with_krb5_support=auto
-krb5_withval=auto
-AC_MSG_CHECKING([for KRB5 support])
-
-# Do no harm to the values of CFLAGS and LIBS while testing for
-# Kerberos support.
-AC_ARG_WITH(krb5,
-[ --with-krb5=base-dir Locate Kerberos 5 support (default=auto)],
- [ case "$withval" in
- no)
- with_krb5_support=no
- AC_MSG_RESULT(no)
- krb5_withval=no
- ;;
- yes)
- with_krb5_support=yes
- AC_MSG_RESULT(yes)
- krb5_withval=yes
- ;;
- auto)
- with_krb5_support=auto
- AC_MSG_RESULT(auto)
- krb5_withval=auto
- ;;
- *)
- with_krb5_support=yes
- AC_MSG_RESULT(yes)
- krb5_withval=$withval
- KRB5CONFIG="$krb5_withval/bin/krb5-config"
- ;;
- esac ],
- AC_MSG_RESULT($with_krb5_support)
-)
-
-if test x$with_krb5_support != x"no"; then
- FOUND_KRB5=no
- FOUND_KRB5_VIA_CONFIG=no
-
- #################################################
- # check for krb5-config from recent MIT and Heimdal kerberos 5
- AC_MSG_CHECKING(for working specified location for krb5-config)
- if test x$KRB5CONFIG != "x"; then
- if test -x "$KRB5CONFIG"; then
- ac_save_CFLAGS=$CFLAGS
- CFLAGS="";export CFLAGS
- ac_save_LDFLAGS=$LDFLAGS
- LDFLAGS="";export LDFLAGS
- KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
- KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
- KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
- CFLAGS=$ac_save_CFLAGS;export CFLAGS
- LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
- FOUND_KRB5=yes
- FOUND_KRB5_VIA_CONFIG=yes
- AC_MSG_RESULT(yes. Found $KRB5CONFIG)
- else
- AC_MSG_RESULT(no. Fallback to specified directory)
- fi
- else
- AC_MSG_RESULT(no. Fallback to finding krb5-config in path)
- #################################################
- # check for krb5-config from recent MIT and Heimdal kerberos 5
- AC_PATH_PROG(KRB5CONFIG, krb5-config)
- AC_MSG_CHECKING(for working krb5-config in path)
- if test -x "$KRB5CONFIG"; then
- ac_save_CFLAGS=$CFLAGS
- CFLAGS="";export CFLAGS
- ac_save_LDFLAGS=$LDFLAGS
- LDFLAGS="";export LDFLAGS
- KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
- KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
- KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
- CFLAGS=$ac_save_CFLAGS;export CFLAGS
- LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
- FOUND_KRB5=yes
- FOUND_KRB5_VIA_CONFIG=yes
- AC_MSG_RESULT(yes. Found $KRB5CONFIG)
- else
- AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy)
- fi
- fi
-
- if test x$FOUND_KRB5 != x"yes"; then
- #################################################
- # check for location of Kerberos 5 install
- AC_MSG_CHECKING(for kerberos 5 install path)
- case "$krb5_withval" in
- no)
- AC_MSG_RESULT(no krb5-path given)
- ;;
- yes)
- AC_MSG_RESULT(/usr)
- FOUND_KRB5=yes
- ;;
- *)
- AC_MSG_RESULT($krb5_withval)
- KRB5_CFLAGS="-I$krb5_withval/include"
- KRB5_CPPFLAGS="-I$krb5_withval/include"
- KRB5_LDFLAGS="-L$krb5_withval/lib"
- FOUND_KRB5=yes
- ;;
- esac
- fi
-
- if test x$FOUND_KRB5 != x"yes"; then
- #################################################
- # see if this box has the SuSE location for the heimdal krb implementation
- AC_MSG_CHECKING(for /usr/include/heimdal)
- if test -d /usr/include/heimdal; then
- if test -f /usr/lib/heimdal/lib/libkrb5.a; then
- KRB5_CFLAGS="-I/usr/include/heimdal"
- KRB5_CPPFLAGS="-I/usr/include/heimdal"
- KRB5_LDFLAGS="-L/usr/lib/heimdal/lib"
- AC_MSG_RESULT(yes)
- else
- KRB5_CFLAGS="-I/usr/include/heimdal"
- KRB5_CPPFLAGS="-I/usr/include/heimdal"
- AC_MSG_RESULT(yes)
- fi
- else
- AC_MSG_RESULT(no)
- fi
- fi
-
- if test x$FOUND_KRB5 != x"yes"; then
- #################################################
- # see if this box has the RedHat location for kerberos
- AC_MSG_CHECKING(for /usr/kerberos)
- if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
- KRB5_LDFLAGS="-L/usr/kerberos/lib"
- KRB5_CFLAGS="-I/usr/kerberos/include"
- KRB5_CPPFLAGS="-I/usr/kerberos/include"
- AC_MSG_RESULT(yes)
- else
- AC_MSG_RESULT(no)
- fi
- fi
-
- ac_save_CFLAGS=$CFLAGS
- ac_save_CPPFLAGS=$CPPFLAGS
- ac_save_LDFLAGS=$LDFLAGS
-
- #MIT needs this, to let us see 'internal' parts of the headers we use
- KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED"
-
- #Heimdal needs this
- #TODO: we need to parse KRB5_LIBS for -L path
- # and set -Wl,-rpath -Wl,path
-
- CFLAGS="$CFLAGS $KRB5_CFLAGS"
- CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
- LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
-
- KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS"
-
- # now check for krb5.h. Some systems have the libraries without the headers!
- # note that this check is done here to allow for different kerberos
- # include paths
- AC_CHECK_HEADERS(krb5.h)
-
- if test x"$ac_cv_header_krb5_h" = x"no"; then
- # Give a warning if KRB5 support was not explicitly requested,
- # i.e with_krb5_support = auto, otherwise die with an error.
- if test x"$with_krb5_support" = x"yes"; then
- AC_MSG_ERROR([KRB5 cannot be supported without krb5.h])
- else
- AC_MSG_WARN([KRB5 cannot be supported without krb5.h])
- fi
- # Turn off AD support and restore CFLAGS and LIBS variables
- with_krb5_support="no"
- fi
-
- CFLAGS=$ac_save_CFLAGS
- CPPFLAGS=$ac_save_CPPFLAGS
- LDFLAGS=$ac_save_LDFLAGS
-fi
-
-# Now we have determined whether we really want KRB5 support
-
-if test x"$with_krb5_support" != x"no"; then
- ac_save_CFLAGS=$CFLAGS
- ac_save_CPPFLAGS=$CPPFLAGS
- ac_save_LDFLAGS=$LDFLAGS
- ac_save_LIBS=$LIBS
-
- CFLAGS="$CFLAGS $KRB5_CFLAGS"
- CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
- LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
-
- # now check for gssapi headers. This is also done here to allow for
- # different kerberos include paths
- AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
-
- ##################################################################
- # we might need the k5crypto and com_err libraries on some systems
- AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
- AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
-
- # Heimdal checks.
- # But only if we didn't have a krb5-config to tell us this already
- if test x"$FOUND_KRB5_VIA_CONFIG" != x"yes"; then
- AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key)
- AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator)
- AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec)
- fi
-
- # Heimdal checks. On static Heimdal gssapi must be linked before krb5.
- AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[],
- AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
-
- ########################################################
- # now see if we can find the krb5 libs in standard paths
- # or as specified above
- AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended)
- AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare)
-
- ########################################################
- # now see if we can find the gssapi libs in standard paths
- if test x"$ac_cv_lib_ext_gssapi_gss_display_status" != x"yes"; then
- AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],
- AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
- fi
-
- AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_c_enctype_compare, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS)
-
- LIBS="$LIBS $KRB5_LIBS"
-
- AC_CACHE_CHECK([for krb5_encrypt_block type],
- samba_cv_HAVE_KRB5_ENCRYPT_BLOCK,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_encrypt_block block;],
- samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=yes,
- samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=no)])
-
- if test x"$samba_cv_HAVE_KRB5_ENCRYPT_BLOCK" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_ENCRYPT_BLOCK,1,
- [Whether the type krb5_encrypt_block exists])
- fi
-
- AC_CACHE_CHECK([for addrtype in krb5_address],
- samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],
- samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes,
- samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)])
- if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then
- AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1,
- [Whether the krb5_address struct has a addrtype property])
- fi
-
- AC_CACHE_CHECK([for addr_type in krb5_address],
- samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;],
- samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes,
- samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)])
- if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
- AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,
- [Whether the krb5_address struct has a addr_type property])
- fi
-
- AC_CACHE_CHECK([for enc_part2 in krb5_ticket],
- samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
- samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,
- samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
- if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,
- [Whether the krb5_ticket struct has a enc_part2 property])
- fi
-
- AC_CACHE_CHECK([for keyblock in krb5_creds],
- samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_creds creds; krb5_keyblock kb; creds.keyblock = kb;],
- samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=yes,
- samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=no)])
-
- if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_KEYBLOCK_IN_CREDS,1,
- [Whether the krb5_creds struct has a keyblock property])
- fi
-
- AC_CACHE_CHECK([for session in krb5_creds],
- samba_cv_HAVE_KRB5_SESSION_IN_CREDS,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_creds creds; krb5_keyblock kb; creds.session = kb;],
- samba_cv_HAVE_KRB5_SESSION_IN_CREDS=yes,
- samba_cv_HAVE_KRB5_SESSION_IN_CREDS=no)])
-
- if test x"$samba_cv_HAVE_KRB5_SESSION_IN_CREDS" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_SESSION_IN_CREDS,1,
- [Whether the krb5_creds struct has a session property])
- fi
-
- AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
- samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_keyblock key; key.keyvalue.data = NULL;],
- samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes,
- samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)])
- if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
- [Whether the krb5_keyblock struct has a keyvalue property])
- fi
-
- AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
- samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;],
- samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes,
- samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)])
- AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56],
- samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;],
- samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes,
- samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)])
- # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken
- # w.r.t. arcfour and windows, so we must not enable it here
- if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\
- x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then
- AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
- [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
- fi
-
- AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
- samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;],
- samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes,
- samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)])
- if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then
- AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1,
- [Whether the AP_OPTS_USE_SUBKEY ap option is available])
- fi
-
- AC_CACHE_CHECK([for KV5M_KEYTAB],
- samba_cv_HAVE_KV5M_KEYTAB,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;],
- samba_cv_HAVE_KV5M_KEYTAB=yes,
- samba_cv_HAVE_KV5M_KEYTAB=no)])
- if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then
- AC_DEFINE(HAVE_KV5M_KEYTAB,1,
- [Whether the KV5M_KEYTAB option is available])
- fi
-
- AC_CACHE_CHECK([for the krb5_princ_component macro],
- samba_cv_HAVE_KRB5_PRINC_COMPONENT,[
- AC_TRY_LINK([#include <krb5.h>],
- [const krb5_data *pkdata; krb5_context context; krb5_principal principal;
- pkdata = krb5_princ_component(context, principal, 0);],
- samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes,
- samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)])
- if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1,
- [Whether krb5_princ_component is available])
- fi
-
- AC_CACHE_CHECK([for key in krb5_keytab_entry],
- samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;],
- samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes,
- samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)])
- if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1,
- [Whether krb5_keytab_entry has key member])
- fi
-
- AC_CACHE_CHECK([for keyblock in krb5_keytab_entry],
- samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_keytab_entry entry; entry.keyblock.keytype = 0;],
- samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes,
- samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)])
- if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then
- AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1,
- [Whether krb5_keytab_entry has keyblock member])
- fi
-
- AC_CACHE_CHECK([for WRFILE: keytab support],
- samba_cv_HAVE_WRFILE_KEYTAB,[
- AC_TRY_RUN([
- #include<krb5.h>
- main()
- {
- krb5_context context;
- krb5_keytab keytab;
- krb5_init_context(&context);
- return krb5_kt_resolve(context, "WRFILE:api", &keytab);
- }],
- samba_cv_HAVE_WRFILE_KEYTAB=yes,
- samba_cv_HAVE_WRFILE_KEYTAB=no)])
- if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then
- AC_DEFINE(HAVE_WRFILE_KEYTAB,1,
- [Whether the WRFILE:-keytab is supported])
- fi
-
- AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data],
- samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[
- AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_context context;krb5_principal principal;krb5_realm realm;
- realm = *krb5_princ_realm(context, principal);],
- samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes,
- samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)])
- if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then
- AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1,
- [Whether krb5_princ_realm returns krb5_realm or krb5_data])
- fi
-
- # TODO: check all gssapi headers for this
- AC_CACHE_CHECK([for GSS_C_DCE_STYLE in gssapi.h],
- samba_cv_GSS_C_DCE_STYLE,[
- AC_TRY_COMPILE([#include <gssapi.h>],
- [int flags = GSS_C_DCE_STYLE;],
- samba_cv_GSS_C_DCE_STYLE=yes,
- samba_cv_GSS_C_DCE_STYLE=no)])
-
- if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then
- AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
- AC_MSG_CHECKING(whether KRB5 support is used)
- SMB_EXT_LIB_ENABLE(KRB5,YES)
- AC_MSG_RESULT(yes)
- echo "KRB5_CFLAGS: ${KRB5_CFLAGS}"
- echo "KRB5_CPPFLAGS: ${KRB5_CPPFLAGS}"
- echo "KRB5_LDFLAGS: ${KRB5_LDFLAGS}"
- echo "KRB5_LIBS: ${KRB5_LIBS}"
- else
- if test x"$with_krb5_support" = x"yes"; then
- AC_MSG_ERROR(a working krb5 library is needed for KRB5 support)
- else
- AC_MSG_WARN(a working krb5 library is needed for KRB5 support)
- fi
- KRB5_CFLAGS=""
- KRB5_CPPFLAGS=""
- KRB5_LDFLAGS=""
- KRB5_LIBS=""
- with_krb5_support=no
- fi
-
- CFLAGS=$ac_save_CFLAGS
- CPPFLAGS=$ac_save_CPPFLAGS
- LDFLAGS=$ac_save_LDFLAGS
- LIBS="$ac_save_LIBS"
-
- # as a nasty hack add the krb5 stuff to the global vars,
- # at some point this should not be needed anymore when the build system
- # can handle that alone
- CFLAGS="$CFLAGS $KRB5_CFLAGS"
- CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
- LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
-fi
-
SMB_EXT_LIB(LDAP,[${LDAP_LIBS}],[${LDAP_CFLAGS}],[${LDAP_CPPFLAGS}],[${LDAP_LDFLAGS}])
-SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])