summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bokovoy <ab@samba.org>2012-04-20 12:53:11 +0300
committerSimo Sorce <idra@samba.org>2012-04-23 16:38:43 -0400
commit4291fdcf3910b37d7dc7ed3849847fb162b5569b (patch)
tree686607359b82a667316461178c3b4cf4acd7e5f2
parent5b5b696c1e36dc7f81da24158e0853290084dec8 (diff)
downloadsamba-4291fdcf3910b37d7dc7ed3849847fb162b5569b.tar.gz
samba-4291fdcf3910b37d7dc7ed3849847fb162b5569b.tar.bz2
samba-4291fdcf3910b37d7dc7ed3849847fb162b5569b.zip
waf: move krb5 checks to a separate waf file
With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify configuration and checks for MIT/Heimdal Kerberos implementations. 1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5 2. Make sure they are called same way (--with-mit-krb5-checks) 3. If no configure checks identified MIT krb5 in system (or were disabled), make sure Heimdal build is selected, embedded (default) or system-provided. This makes logic of configuration unchanged for Heimdal builds but adds less hacky way to use MIT krb5 builds. The latter does not work yet as we need to untangle more subsystems from HDB/Heimdal-specific details but lays out a foundation for that. Signed-off-by: Simo Sorce <idra@samba.org>
-rwxr-xr-xsource3/wscript180
-rwxr-xr-xwscript9
-rw-r--r--wscript_build18
-rw-r--r--wscript_build_embedded_heimdal1
-rw-r--r--wscript_build_system_heimdal1
-rw-r--r--wscript_configure_krb5187
6 files changed, 205 insertions, 191 deletions
diff --git a/source3/wscript b/source3/wscript
index ef415d08fd..46aa582748 100755
--- a/source3/wscript
+++ b/source3/wscript
@@ -542,186 +542,6 @@ msg.msg_acctrightslen = sizeof(fd);
conf.SET_TARGET_TYPE('ldap', 'EMPTY')
conf.SET_TARGET_TYPE('lber', 'EMPTY')
- # Check for kerberos
- have_gssapi=False
- if Options.options.with_mit_krb5_checks:
- Logs.info("Looking for kerberos features")
- conf.find_program('krb5-config', var='KRB5_CONFIG')
- if conf.env.KRB5_CONFIG:
- conf.check_cfg(path="krb5-config", args="--cflags --libs",
- package="gssapi", uselib_store="KRB5")
- conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
- conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5')
-
- if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
- conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so'
-
- conf.CHECK_FUNCS_IN('_et_list', 'com_err')
- conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto')
- conf.CHECK_FUNCS_IN('des_set_key','crypto')
- conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1')
- conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken')
- if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
- conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
- have_gssapi=True
- conf.CHECK_FUNCS_IN('''
- gss_wrap_iov
- gss_krb5_import_cred
- gss_get_name_attribute
- gss_mech_krb5
- gss_oid_equal
- gss_inquire_sec_context_by_oid
- gsskrb5_extract_authz_data_from_sec_context
- gss_krb5_export_lucid_sec_context
- ''', 'gssapi gssapi_krb5 krb5')
- conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
- conf.CHECK_FUNCS('''
-krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
-krb5_set_default_tgs_ktypes krb5_principal2salt
-krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
-krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
-krb5_get_default_in_tkt_etypes krb5_free_data_contents
-krb5_principal_get_comp_string krb5_free_unparsed_name
-krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
-krb5_krbhst_get_addrinfo
-krb5_crypto_init krb5_crypto_destroy
-krb5_c_verify_checksum krb5_principal_compare_any_realm
-krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
-krb5_get_renewed_creds krb5_free_error_contents
-initialize_krb5_error_table krb5_get_init_creds_opt_alloc
-krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
-krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
-krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds
-krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''',
- lib='krb5 k5crypto')
- conf.CHECK_DECLS('''krb5_get_credentials_for_user
- krb5_auth_con_set_req_cksumtype''',
- headers='krb5.h', always=True)
- conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h')
- conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
- conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h')
- conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h')
- conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h')
- conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h')
- conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h')
- conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h',
- define='HAVE_KRB5_KEYTAB_ENTRY_KEY')
- conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h',
- define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK')
- conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h',
- define='HAVE_MAGIC_IN_KRB5_ADDRESS')
- conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h',
- define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS')
- conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h',
- define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ')
-
- conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h')
-
- conf.CHECK_CODE('''
-krb5_context ctx;
-krb5_get_init_creds_opt *opt = NULL;
-krb5_get_init_creds_opt_free(ctx, opt);
-''',
- 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT',
- headers='krb5.h', link=False,
- msg="Checking whether krb5_get_init_creds_opt_free takes a context argument")
- conf.CHECK_CODE('''
-const krb5_data *pkdata;
-krb5_context context;
-krb5_principal principal;
-pkdata = krb5_princ_component(context, principal, 0);
-''',
- 'HAVE_KRB5_PRINC_COMPONENT',
- headers='krb5.h', lib='krb5',
- msg="Checking whether krb5_princ_component is available")
-
- conf.CHECK_CODE('''
-int main(void) {
-char buf[256];
-krb5_enctype_to_string(1, buf, 256);
-return 0;
-}''',
- 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG',
- headers='krb5.h', lib='krb5 k5crypto',
- addmain=False, cflags='-Werror',
- msg="Checking whether krb5_enctype_to_string takes size_t argument")
-
- conf.CHECK_CODE('''
-int main(void) {
-krb5_context context = NULL;
-char *str = NULL;
-krb5_enctype_to_string(context, 1, &str);
-if (str) free (str);
-return 0;
-}''',
- 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG',
- headers='krb5.h stdlib.h', lib='krb5',
- addmain=False, cflags='-Werror',
- msg="Checking whether krb5_enctype_to_string takes krb5_context argument")
- conf.CHECK_CODE('''
-int main(void) {
-krb5_context ctx = NULL;
-krb5_principal princ = NULL;
-const char *str = krb5_princ_realm(ctx, princ)->data;
-return 0;
-}''',
- 'HAVE_KRB5_PRINC_REALM',
- headers='krb5.h', lib='krb5',
- addmain=False,
- msg="Checking whether the macro krb5_princ_realm is defined")
- conf.CHECK_CODE('''
-int main(void) {
- krb5_context context;
- krb5_principal principal;
- const char *realm; realm = krb5_principal_get_realm(context, principal);
- return 0;
-}''',
- 'HAVE_KRB5_PRINCIPAL_GET_REALM',
- headers='krb5.h', lib='krb5',
- addmain=False,
- msg="Checking whether krb5_principal_get_realm is defined")
- conf.CHECK_CODE('''
-krb5_enctype enctype;
-enctype = ENCTYPE_ARCFOUR_HMAC_MD5;
-''',
- '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5',
- headers='krb5.h', lib='krb5',
- msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available");
- conf.CHECK_CODE('''
-krb5_keytype keytype;
-keytype = KEYTYPE_ARCFOUR_56;
-''',
- '_HAVE_KEYTYPE_ARCFOUR_56',
- headers='krb5.h', lib='krb5',
- msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available");
- if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'):
- conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1')
-
- conf.CHECK_CODE('''
-krb5_enctype enctype;
-enctype = ENCTYPE_ARCFOUR_HMAC;
-''',
- 'HAVE_ENCTYPE_ARCFOUR_HMAC',
- headers='krb5.h', lib='krb5',
- msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available");
-
- conf.CHECK_CODE('''
-krb5_context context;
-krb5_keytab keytab;
-krb5_init_context(&context);
-return krb5_kt_resolve(context, "WRFILE:api", &keytab);
-''',
- 'HAVE_WRFILE_KEYTAB',
- headers='krb5.h', lib='krb5', execute=True,
- msg="Checking whether the WRFILE:-keytab is supported");
-
- # Check for KRB5_DEPRECATED handling
- conf.CHECK_CODE('''#define KRB5_DEPRECATED 1
-#include <krb5.h>''',
- 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False,
- link=False,
- msg="Checking for KRB5_DEPRECATED define taking an identifier")
-
if Options.options.with_ads:
use_ads=True
if not conf.CONFIG_SET('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and \
diff --git a/wscript b/wscript
index 15e1ce51bf..337643621c 100755
--- a/wscript
+++ b/wscript
@@ -84,7 +84,14 @@ def configure(conf):
conf.RECURSE('dynconfig')
conf.RECURSE('lib/ldb')
- if not os.getenv('USING_SYSTEM_KRB5'):
+ if Options.options.with_mit_krb5_checks:
+ conf.PROCESS_SEPARATE_RULE('krb5')
+ # Only process heimdal_build for non-MIT KRB5 builds
+ # When MIT KRB5 checks are done as above, conf.env.KRB5_VENDOR will be set
+ # to the lowcased output of 'krb5-config --vendor'.
+ # If it is not set or the output is 'heimdal', we are dealing with
+ # system-provided or embedded Heimdal build
+ if conf.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'):
conf.RECURSE('source4/heimdal_build')
conf.RECURSE('source4/lib/tls')
conf.RECURSE('source4/ntvfs/sysdep')
diff --git a/wscript_build b/wscript_build
index ad790ca506..717d8b0a1a 100644
--- a/wscript_build
+++ b/wscript_build
@@ -95,7 +95,6 @@ bld.RECURSE('libcli/smb')
bld.RECURSE('libcli/util')
bld.RECURSE('libcli/cldap')
bld.RECURSE('lib/subunit/c')
-bld.RECURSE('source4/kdc')
bld.RECURSE('lib/smbconf')
bld.RECURSE('lib/async_req')
bld.RECURSE('libcli/security')
@@ -112,17 +111,16 @@ bld.RECURSE('libcli/registry')
bld.RECURSE('source4/lib/policy')
bld.RECURSE('libcli/named_pipe_auth')
-if bld.CONFIG_SET("USING_SYSTEM_KRB5"):
- if bld.CONFIG_SET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_SET("KRB5_CONFIG"):
- if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") != bld.CONFIG_GET("KRB5_CONFIG"):
- # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal,
- # it means one is Heimdal-specific (krb5-config.heimdal, for example)
- # and there is system heimdal
- bld.PROCESS_SEPARATE_RULE('system_heimdal')
+if bld.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'):
+ if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_GET("USING_SYSTEM_KRB5"):
+ # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal,
+ # it means one is Heimdal-specific (krb5-config.heimdal, for example)
+ # and there is system heimdal
+ bld.PROCESS_SEPARATE_RULE('system_heimdal')
else:
- bld.PROCESS_SEPARATE_RULE('system_krb5')
+ bld.PROCESS_SEPARATE_RULE('embedded_heimdal')
else:
- bld.PROCESS_SEPARATE_RULE('embedded_heimdal')
+ bld.PROCESS_SEPARATE_RULE('system_mitkrb5')
bld.RECURSE('libcli/smbreadline')
bld.RECURSE('codepages')
diff --git a/wscript_build_embedded_heimdal b/wscript_build_embedded_heimdal
index 9b829d83c0..fec28bedf6 100644
--- a/wscript_build_embedded_heimdal
+++ b/wscript_build_embedded_heimdal
@@ -1,4 +1,5 @@
import Logs
Logs.info("\tSelected embedded Heimdal build")
+bld.RECURSE('source4/kdc')
bld.RECURSE('source4/heimdal_build')
diff --git a/wscript_build_system_heimdal b/wscript_build_system_heimdal
index 4ea8cd7351..8ec09b4783 100644
--- a/wscript_build_system_heimdal
+++ b/wscript_build_system_heimdal
@@ -1,4 +1,5 @@
import Logs
Logs.info("\tSelected system Heimdal build")
+bld.RECURSE('source4/kdc')
bld.RECURSE('source4/heimdal_build')
diff --git a/wscript_configure_krb5 b/wscript_configure_krb5
new file mode 100644
index 0000000000..2fb1c586fd
--- /dev/null
+++ b/wscript_configure_krb5
@@ -0,0 +1,187 @@
+import Logs, Options
+
+# Check for kerberos
+have_gssapi=False
+
+Logs.info("Looking for kerberos features")
+conf.find_program('krb5-config.heimdal', var='HEIMDAL_KRB5_CONFIG')
+conf.find_program('krb5-config', var='KRB5_CONFIG')
+if conf.env.KRB5_CONFIG:
+ conf.check_cfg(path="krb5-config", args="--cflags --libs",
+ package="gssapi", uselib_store="KRB5")
+ vendor = conf.cmd_and_log("%(path)s --vendor" % dict(path=conf.env.KRB5_CONFIG), dict())
+ conf.env.KRB5_VENDOR = vendor.strip().lower()
+ if conf.env.KRB5_VENDOR != 'heimdal':
+ conf.define('USING_SYSTEM_KRB5', 1)
+ del conf.env.HEIMDAL_KRB5_CONFIG
+
+conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
+conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5')
+
+if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
+ conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so'
+
+conf.CHECK_FUNCS_IN('_et_list', 'com_err')
+conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto')
+conf.CHECK_FUNCS_IN('des_set_key','crypto')
+conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1')
+conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken')
+if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
+ conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
+ have_gssapi=True
+conf.CHECK_FUNCS_IN('''
+ gss_wrap_iov
+ gss_krb5_import_cred
+ gss_get_name_attribute
+ gss_mech_krb5
+ gss_oid_equal
+ gss_inquire_sec_context_by_oid
+ gsskrb5_extract_authz_data_from_sec_context
+ gss_krb5_export_lucid_sec_context
+ ''', 'gssapi gssapi_krb5 krb5')
+conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
+conf.CHECK_FUNCS('''
+ krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
+ krb5_set_default_tgs_ktypes krb5_principal2salt
+ krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
+ krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
+ krb5_get_default_in_tkt_etypes krb5_free_data_contents
+ krb5_principal_get_comp_string krb5_free_unparsed_name
+ krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
+ krb5_krbhst_get_addrinfo
+ krb5_crypto_init krb5_crypto_destroy
+ krb5_c_verify_checksum krb5_principal_compare_any_realm
+ krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
+ krb5_get_renewed_creds krb5_free_error_contents
+ initialize_krb5_error_table krb5_get_init_creds_opt_alloc
+ krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
+ krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
+ krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds
+ krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''',
+ lib='krb5 k5crypto')
+conf.CHECK_DECLS('''krb5_get_credentials_for_user
+ krb5_auth_con_set_req_cksumtype''',
+ headers='krb5.h', always=True)
+conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h')
+conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
+conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h')
+conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h')
+conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h')
+conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h')
+conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h')
+conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h',
+ define='HAVE_KRB5_KEYTAB_ENTRY_KEY')
+conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h',
+ define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK')
+conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h',
+ define='HAVE_MAGIC_IN_KRB5_ADDRESS')
+conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h',
+ define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS')
+conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h',
+ define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ')
+
+conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h')
+
+conf.CHECK_CODE('''
+ krb5_context ctx;
+ krb5_get_init_creds_opt *opt = NULL;
+ krb5_get_init_creds_opt_free(ctx, opt);
+ ''',
+ 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT',
+ headers='krb5.h', link=False,
+ msg="Checking whether krb5_get_init_creds_opt_free takes a context argument")
+conf.CHECK_CODE('''
+ const krb5_data *pkdata;
+ krb5_context context;
+ krb5_principal principal;
+ pkdata = krb5_princ_component(context, principal, 0);
+ ''',
+ 'HAVE_KRB5_PRINC_COMPONENT',
+ headers='krb5.h', lib='krb5',
+ msg="Checking whether krb5_princ_component is available")
+
+conf.CHECK_CODE('''
+ int main(void) {
+ char buf[256];
+ krb5_enctype_to_string(1, buf, 256);
+ return 0;
+ }''',
+ 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG',
+ headers='krb5.h', lib='krb5 k5crypto',
+ addmain=False, cflags='-Werror',
+ msg="Checking whether krb5_enctype_to_string takes size_t argument")
+
+conf.CHECK_CODE('''
+ int main(void) {
+ krb5_context context = NULL;
+ char *str = NULL;
+ krb5_enctype_to_string(context, 1, &str);
+ if (str) free (str);
+ return 0;
+ }''',
+ 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG',
+ headers='krb5.h stdlib.h', lib='krb5',
+ addmain=False, cflags='-Werror',
+ msg="Checking whether krb5_enctype_to_string takes krb5_context argument")
+conf.CHECK_CODE('''
+ int main(void) {
+ krb5_context ctx = NULL;
+ krb5_principal princ = NULL;
+ const char *str = krb5_princ_realm(ctx, princ)->data;
+ return 0;
+ }''',
+ 'HAVE_KRB5_PRINC_REALM',
+ headers='krb5.h', lib='krb5',
+ addmain=False,
+ msg="Checking whether the macro krb5_princ_realm is defined")
+conf.CHECK_CODE('''
+ int main(void) {
+ krb5_context context;
+ krb5_principal principal;
+ const char *realm; realm = krb5_principal_get_realm(context, principal);
+ return 0;
+ }''',
+ 'HAVE_KRB5_PRINCIPAL_GET_REALM',
+ headers='krb5.h', lib='krb5',
+ addmain=False,
+ msg="Checking whether krb5_principal_get_realm is defined")
+conf.CHECK_CODE('''
+ krb5_enctype enctype;
+ enctype = ENCTYPE_ARCFOUR_HMAC_MD5;
+ ''',
+ '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5',
+ headers='krb5.h', lib='krb5',
+ msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available");
+conf.CHECK_CODE('''
+ krb5_keytype keytype;
+ keytype = KEYTYPE_ARCFOUR_56;
+ ''',
+ '_HAVE_KEYTYPE_ARCFOUR_56',
+ headers='krb5.h', lib='krb5',
+ msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available");
+if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'):
+ conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1')
+
+conf.CHECK_CODE('''
+ krb5_enctype enctype;
+ enctype = ENCTYPE_ARCFOUR_HMAC;
+ ''',
+ 'HAVE_ENCTYPE_ARCFOUR_HMAC',
+ headers='krb5.h', lib='krb5',
+ msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available");
+
+conf.CHECK_CODE('''
+ krb5_context context;
+ krb5_keytab keytab;
+ krb5_init_context(&context);
+ return krb5_kt_resolve(context, "WRFILE:api", &keytab);
+ ''',
+ 'HAVE_WRFILE_KEYTAB',
+ headers='krb5.h', lib='krb5', execute=True,
+ msg="Checking whether the WRFILE:-keytab is supported");
+# Check for KRB5_DEPRECATED handling
+conf.CHECK_CODE('''#define KRB5_DEPRECATED 1
+ #include <krb5.h>''',
+ 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False,
+ link=False,
+ msg="Checking for KRB5_DEPRECATED define taking an identifier")