diff options
-rw-r--r-- | source4/auth/kerberos/kerberos.c | 1 | ||||
-rw-r--r-- | source4/auth/kerberos/krb5_init_context.h | 2 | ||||
-rw-r--r-- | source4/configure.ac | 2 | ||||
-rw-r--r-- | source4/heimdal_build/config.m4 | 23 | ||||
-rw-r--r-- | source4/heimdal_build/external.m4 | 54 | ||||
-rw-r--r-- | source4/heimdal_build/internal.m4 | 6 | ||||
-rw-r--r-- | source4/heimdal_build/internal.mk | 1 | ||||
-rw-r--r-- | source4/kdc/kpasswdd.c | 13 | ||||
-rw-r--r-- | source4/lib/crypto/sha256.c | 23 | ||||
-rw-r--r-- | source4/lib/replace/system/kerberos.h | 5 | ||||
-rw-r--r-- | source4/librpc/config.mk | 2 |
11 files changed, 122 insertions, 10 deletions
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index b3b0b20f18..2579ab20cc 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -23,7 +23,6 @@ #include "includes.h" #include "system/kerberos.h" -#include "roken.h" #ifdef HAVE_KRB5 diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h index 815e9a639d..162a19a4ab 100644 --- a/source4/auth/kerberos/krb5_init_context.h +++ b/source4/auth/kerberos/krb5_init_context.h @@ -18,7 +18,7 @@ */ struct smb_krb5_context { - struct krb5_context_data *krb5_context; + krb5_context krb5_context; krb5_log_facility *logf; }; diff --git a/source4/configure.ac b/source4/configure.ac index 7f4b4d01f8..29db34eddf 100644 --- a/source4/configure.ac +++ b/source4/configure.ac @@ -13,7 +13,7 @@ AC_DEFINE(CONFIG_H_IS_FROM_SAMBA,1,[Marker for samba's config.h]) m4_include(build/m4/env.m4) m4_include(lib/replace/samba.m4) m4_include(lib/smbreadline/readline.m4) -m4_include(heimdal_build/internal.m4) +m4_include(heimdal_build/config.m4) m4_include(lib/util/fault.m4) m4_include(lib/util/signal.m4) m4_include(lib/util/util.m4) diff --git a/source4/heimdal_build/config.m4 b/source4/heimdal_build/config.m4 new file mode 100644 index 0000000000..99aed8c093 --- /dev/null +++ b/source4/heimdal_build/config.m4 @@ -0,0 +1,23 @@ + +external_heimdal=no +AC_MSG_CHECKING([Whether to use external heimdal libraries]) +AC_ARG_ENABLE(external-heimdal, +[ --enable-external-heimdal Enable external heimdal libraries (experimental,default=no)], +[ external_heimdal=$enableval ], +[ external_heimdal=no ]) +AC_MSG_RESULT($external_heimdal) + +if test x"$external_heimdal" = x"yes"; then + +# external_heimdal_start +m4_include(heimdal_build/external.m4) +# external_heimdal_end + +else + +# internal_heimdal_start +m4_include(heimdal_build/internal.m4) +# internal_heimdal_end + +fi + diff --git a/source4/heimdal_build/external.m4 b/source4/heimdal_build/external.m4 new file mode 100644 index 0000000000..3cd8900a12 --- /dev/null +++ b/source4/heimdal_build/external.m4 @@ -0,0 +1,54 @@ +# This is every experimental +# We should really add configure checks +# to verify the installed heimdal libraries +# are good enough for our usage!!! + +HEIMDAL_KRB5_LIBS="-lkrb5 -lcom_err" +HEIMDAL_KRB5_CFLAGS="" +HEIMDAL_KRB5_CPPFLAGS="" +HEIMDAL_KRB5_LDFLAGS="" +SMB_EXT_LIB(HEIMDAL_KRB5, + [${HEIMDAL_KRB5_LIBS}], + [${HEIMDAL_KRB5_CFLAGS}], + [${HEIMDAL_KRB5_CPPFLAGS}], + [${HEIMDAL_KRB5_LDFLAGS}]) +SMB_ENABLE(HEIMDAL_KRB5) +AC_DEFINE(HAVE_KRB5,1,[Whether kerberos is available]) +HAVE_KRB5=YES +AC_DEFINE(HAVE_COM_ERR,1,[Whether com_err is available]) +HAVE_COM_ERR=YES + +HEIMDAL_GSSAPI_LIBS="-lgssapi" +HEIMDAL_GSSAPI_CFLAGS="" +HEIMDAL_GSSAPI_CPPFLAGS="" +HEIMDAL_GSSAPI_LDFLAGS="" +SMB_EXT_LIB(HEIMDAL_GSSAPI, + [${HEIMDAL_GSSAPI_LIBS}], + [${HEIMDAL_GSSAPI_CFLAGS}], + [${HEIMDAL_GSSAPI_CPPFLAGS}], + [${HEIMDAL_GSSAPI_LDFLAGS}]) +SMB_ENABLE(HEIMDAL_GSSAPI) +AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]) +HAVE_GSSAPI=YES + +HEIMDAL_HDB_LIBS="-lhdb" +HEIMDAL_HDB_CFLAGS="" +HEIMDAL_HDB_CPPFLAGS="" +HEIMDAL_HDB_LDFLAGS="" +SMB_EXT_LIB(HEIMDAL_HDB, + [${HEIMDAL_HDB_LIBS}], + [${HEIMDAL_HDB_CFLAGS}], + [${HEIMDAL_HDB_CPPFLAGS}], + [${HEIMDAL_HDB_LDFLAGS}]) +SMB_ENABLE(HEIMDAL_HDB) + +HEIMDAL_KDC_LIBS="-lkdc" +HEIMDAL_KDC_CFLAGS="" +HEIMDAL_KDC_CPPFLAGS="" +HEIMDAL_KDC_LDFLAGS="" +SMB_EXT_LIB(HEIMDAL_KDC, + [${HEIMDAL_KDC_LIBS}], + [${HEIMDAL_KDC_CFLAGS}], + [${HEIMDAL_KDC_CPPFLAGS}], + [${HEIMDAL_KDC_LDFLAGS}]) +SMB_ENABLE(HEIMDAL_KDC) diff --git a/source4/heimdal_build/internal.m4 b/source4/heimdal_build/internal.m4 index f83fdf7460..9a08022993 100644 --- a/source4/heimdal_build/internal.m4 +++ b/source4/heimdal_build/internal.m4 @@ -236,8 +236,12 @@ AC_MSG_RESULT($LEX_YACC) # of the samba source tree. # if we ever get to using a host kerberos, we might add conditionals here +AC_DEFINE(HAVE_COM_ERR,1,[Whether com_err is available]) +HAVE_COM_ERR=YES AC_DEFINE(HAVE_KRB5,1,[Whether kerberos is available]) HAVE_KRB5=YES +AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]) +HAVE_GSSAPI=YES SMB_ENABLE(KERBEROS_LIB, YES) SMB_ENABLE(asn1_compile, YES) SMB_ENABLE(compile_et, YES) @@ -258,4 +262,6 @@ fi VPATH="$VPATH:\$(HEIMDAL_VPATH)" +AC_DEFINE(SAMBA4_INTERNAL_HEIMDAL,1,[Whether we use in internal heimdal build]) + SMB_INCLUDE_MK(heimdal_build/internal.mk) diff --git a/source4/heimdal_build/internal.mk b/source4/heimdal_build/internal.mk index 3fb97fea4c..8c576bd2c6 100644 --- a/source4/heimdal_build/internal.mk +++ b/source4/heimdal_build/internal.mk @@ -183,6 +183,7 @@ HEIMDAL_GSSAPI_OBJ_FILES = \ CFLAGS = -I$(heimdalbuildsrcdir) -I$(heimdalsrcdir)/lib/krb5 -I$(heimdalsrcdir)/lib/asn1 -I$(heimdalsrcdir)/lib/com_err PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_PKINIT_ASN1 HEIMDAL_WIND \ HEIMDAL_KRB5_ASN1 HEIMDAL_GLUE HEIMDAL_HX509 HEIMDAL_HCRYPTO +PUBLIC_DEPENDENCIES = HEIMDAL_COM_ERR # End SUBSYSTEM HEIMDAL_KRB5 ####################### diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 55dadd9a7e..065777fc66 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -38,9 +38,11 @@ #include "param/param.h" #include "kdc/kdc.h" -/* TODO: remove this */ -#include "heimdal/lib/krb5/krb5_locl.h" +/* TODO: remove all SAMBA4_INTERNAL_HEIMDAL stuff from this file */ +#ifdef SAMBA4_INTERNAL_HEIMDAL +#include "heimdal/lib/hcrypto/aes.h" #include "heimdal/lib/krb5/krb5-private.h" +#endif /* hold information about one kdc socket */ struct kpasswd_socket { @@ -285,6 +287,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, reply); } if (chpw.targname && chpw.targrealm) { +#ifdef SAMBA4_INTERNAL_HEIMDAL if (_krb5_principalname2krb5_principal(kdc->smb_krb5_context->krb5_context, &principal, *chpw.targname, *chpw.targrealm) != 0) { @@ -295,6 +298,12 @@ static bool kpasswd_process_request(struct kdc_server *kdc, reply); } +#else /* SAMBA4_INTERNAL_HEIMDAL */ + return kpasswdd_make_error_reply(kdc, mem_ctx, + KRB5_KPASSWD_BAD_VERSION, + "Operation Not Implemented", + reply); +#endif /* SAMBA4_INTERNAL_HEIMDAL */ } else { free_ChangePasswdDataMS(&chpw); return kpasswdd_change_password(kdc, mem_ctx, session_info, diff --git a/source4/lib/crypto/sha256.c b/source4/lib/crypto/sha256.c index 70fe7a3099..a2def25814 100644 --- a/source4/lib/crypto/sha256.c +++ b/source4/lib/crypto/sha256.c @@ -39,7 +39,6 @@ */ #include "includes.h" -#include "heimdal/lib/hcrypto/hash.h" #include "sha256.h" #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) @@ -148,6 +147,26 @@ calc (SHA256_CTX *m, uint32_t *in) */ #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +/* Vector Crays doesn't have a good 32-bit type, or more precisely, + int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't + want to depend in being able to redefine this type. To cope with + this we have to clamp the result in some places to [0,2^32); no + need to do this on other machines. Did I say this was a mess? + */ + +#ifdef _CRAY +#define CRAYFIX(X) ((X) & 0xffffffff) +#else +#define CRAYFIX(X) (X) +#endif + +static inline uint32_t +cshift (uint32_t x, unsigned int n) +{ + x = CRAYFIX(x); + return CRAYFIX((x << n) | (x >> (32 - n))); +} + static inline uint32_t swap_uint32_t (uint32_t t) { @@ -179,7 +198,7 @@ SHA256_Update (SHA256_CTX *m, const void *v, size_t len) ++m->sz[1]; offset = (old_sz / 8) % 64; while(len > 0){ - size_t l = min(len, 64 - offset); + size_t l = MIN(len, 64 - offset); memcpy(m->save + offset, p, l); offset += l; p += l; diff --git a/source4/lib/replace/system/kerberos.h b/source4/lib/replace/system/kerberos.h index 78aa7b943f..2981024bee 100644 --- a/source4/lib/replace/system/kerberos.h +++ b/source4/lib/replace/system/kerberos.h @@ -129,8 +129,9 @@ /* Whether krb5_princ_realm returns krb5_realm or krb5_data */ #define KRB5_PRINC_REALM_RETURNS_REALM 1 -#include "heimdal/lib/krb5/krb5.h" -#include "heimdal/lib/com_err/com_err.h" +#include <krb5.h> +#include <com_err.h> + #endif #endif diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 1200f4ed1b..d87683dd6f 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -360,7 +360,7 @@ $(librpcsrcdir)/idl-deps: clean:: rm -f $(librpcsrcdir)/idl-deps -include $(librpcsrcdir)/idl-deps +-include $(librpcsrcdir)/idl-deps $(gen_ndrsrcdir)/tables.c: $(IDL_NDR_PARSE_H_FILES) @echo Generating $@ |