diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-01-24 13:48:33 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-01-25 08:44:33 +0100 |
| commit | c74a522db14a71df6c0393b5aa5f382cc8205b5b (patch) | |
| tree | 55f526faacb85b6cf4d42c2ab3eb82997b3f53a8 | |
| parent | da8e8e5fa5574eab635b9b7b7bb4ccd898889e85 (diff) | |
| download | samba-c74a522db14a71df6c0393b5aa5f382cc8205b5b.tar.gz samba-c74a522db14a71df6c0393b5aa5f382cc8205b5b.tar.bz2 samba-c74a522db14a71df6c0393b5aa5f382cc8205b5b.zip | |
s3:build: require gss_krb5_export_lucid_sec_context() for ads support
This is needed to detect krb5 with aes for GENSEC_FEATURE_NEW_SPNEGO
at runtime.
metze
| -rw-r--r-- | source3/configure.in | 6 | ||||
| -rw-r--r-- | source3/wscript | 16 | ||||
| -rw-r--r-- | source4/heimdal_build/wscript_configure | 1 |
3 files changed, 21 insertions, 2 deletions
diff --git a/source3/configure.in b/source3/configure.in index 1e09e48286..d309b982f6 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3905,6 +3905,7 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(gss_krb5_export_lucid_sec_context, $KRB5_LIBS) # This is for FreeBSD (and possibly others). gss_mech_krb5 is a # #define to GSS_KRB5_MECHANISM, which is defined in -lgssapi_krb5 @@ -4526,6 +4527,11 @@ if test x"$with_ads_support" != x"no"; then fi fi + if test x"$ac_cv_func_ext_gss_krb5_export_lucid_sec_context" != x"yes" ; then + AC_MSG_WARN(need gss_krb5_export_lucid_sec_context for SPNEGO and gss_wrap support) + use_ads=no + fi + if test x"$use_ads" = x"yes"; then AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support]) AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) diff --git a/source3/wscript b/source3/wscript index 1a5a5c4b23..912997ff4d 100644 --- a/source3/wscript +++ b/source3/wscript @@ -570,8 +570,16 @@ msg.msg_acctrightslen = sizeof(fd); if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): have_gssapi=True - conf.CHECK_FUNCS_IN('''gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_mech_krb5 gss_oid_equal -gss_inquire_sec_context_by_oid gsskrb5_extract_authz_data_from_sec_context''', 'gssapi gssapi_krb5 krb5') + conf.CHECK_FUNCS_IN(''' + gss_wrap_iov + gss_krb5_import_cred + gss_get_name_attribute + gss_mech_krb5 + gss_oid_equal + gss_inquire_sec_context_by_oid + gsskrb5_extract_authz_data_from_sec_context + gss_krb5_export_lucid_sec_context + ''', 'gssapi gssapi_krb5 krb5') conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') conf.CHECK_FUNCS(''' krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes @@ -811,6 +819,10 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab); Logs.warn("need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support") use_ads=False + if not conf.CONFIG_SET('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT'): + Logs.warn("need gss_krb5_export_lucid_sec_context for SPNEGO and gss_wrap support") + use_ads=False + if use_ads: conf.DEFINE('WITH_ADS', '1') conf.DEFINE('HAVE_KRB5', '1') diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index 8a34fddccd..9f9aa9f44e 100644 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -87,6 +87,7 @@ conf.define('HAVE_GSS_OID_EQUAL', 1) conf.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1) conf.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1) conf.define('HAVE_GSSKRB5_GET_SUBKEY', 1) +conf.define('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1) conf.define('HAVE_LIBGSSAPI', 1) conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1) conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1) |