diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-01-06 18:32:41 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-01-10 23:23:07 +0100 |
| commit | 7fb82a5a247b95bcd981574d6c0db013c954e026 (patch) | |
| tree | dc32d2f2c7411f32101382113cf314772245e277 | |
| parent | 19deda26d0ee61b5e5b41a09181d156b9159663d (diff) | |
| download | samba-7fb82a5a247b95bcd981574d6c0db013c954e026.tar.gz samba-7fb82a5a247b95bcd981574d6c0db013c954e026.tar.bz2 samba-7fb82a5a247b95bcd981574d6c0db013c954e026.zip | |
krb5: Require gss_get_name_attribute or Heimdal's PAC parsing to build with krb5
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 10 23:23:07 CET 2012 on sn-devel-104
| -rw-r--r-- | source3/configure.in | 10 | ||||
| -rw-r--r-- | source3/wscript | 11 |
2 files changed, 21 insertions, 0 deletions
diff --git a/source3/configure.in b/source3/configure.in index 18c6250361..c0ddc27d0e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3901,6 +3901,7 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_mech_krb5, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS) @@ -4516,6 +4517,15 @@ if test x"$with_ads_support" != x"no"; then fi + if test x"$ac_cv_func_ext_gss_get_name_attribute" != x"yes" ; then + if test x"$ac_cv_func_ext_gsskrb5_extract_authz_data_from_sec_context" != x"yes" -o \ + if test x"$ac_cv_func_ext_gss_inquire_sec_context_by_oid" != x"yes" + then + AC_MSG_WARN(need either gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support) + use_ads=no + fi + fi + if test x"$use_ads" = x"yes"; then AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support]) AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) diff --git a/source3/wscript b/source3/wscript index 35f2b79024..3eafc2d78e 100644 --- a/source3/wscript +++ b/source3/wscript @@ -798,6 +798,17 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab); if not conf.CONFIG_SET('HAVE_KRB5_DECODE_AP_REQ'): Logs.warn("no KRB5_AP_REQ_DECODING_FUNCTION detected") use_ads=False + + # We don't actually use + # gsskrb5_extract_authz_data_from_sec_context, but it is a + # clue that this Heimdal, which does the PAC processing we + # need on the standard gss_inquire_sec_context_by_oid + if not conf.CONFIG_SET('HAVE_GSS_GET_NAME_ATTRIBUTE') and \ + not (conf.CONFIG_SET('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT') and \ + conf.CONFIG_SET('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID')): + Logs.warn("need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support") + use_ads=False + if use_ads: conf.DEFINE('WITH_ADS', '1') conf.DEFINE('HAVE_KRB5', '1') |