-rw-r--r--source4/auth/kerberos/kerberos.c1
-rw-r--r--source4/auth/kerberos/krb5_init_context.h2
-rw-r--r--source4/configure.ac2
-rw-r--r--source4/heimdal_build/config.m423
-rw-r--r--source4/heimdal_build/external.m454
-rw-r--r--source4/heimdal_build/internal.m46
-rw-r--r--source4/heimdal_build/internal.mk1
-rw-r--r--source4/kdc/kpasswdd.c13
-rw-r--r--source4/lib/crypto/sha256.c23
-rw-r--r--source4/lib/replace/system/kerberos.h5
-rw-r--r--source4/librpc/config.mk2
11 files changed, 122 insertions, 10 deletions
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index b3b0b20f18..2579ab20cc 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -23,7 +23,6 @@
#include "includes.h"
#include "system/kerberos.h"
-#include "roken.h"
#ifdef HAVE_KRB5
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 815e9a639d..162a19a4ab 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -18,7 +18,7 @@
*/
struct smb_krb5_context {
- struct krb5_context_data *krb5_context;
+ krb5_context krb5_context;
krb5_log_facility *logf;
};
diff --git a/source4/configure.ac b/source4/configure.ac
index 7f4b4d01f8..29db34eddf 100644
--- a/source4/configure.ac
+++ b/source4/configure.ac
@@ -13,7 +13,7 @@ AC_DEFINE(CONFIG_H_IS_FROM_SAMBA,1,[Marker for samba's config.h])
m4_include(build/m4/env.m4)
m4_include(lib/replace/samba.m4)
m4_include(lib/smbreadline/readline.m4)
-m4_include(heimdal_build/internal.m4)
+m4_include(heimdal_build/config.m4)
m4_include(lib/util/fault.m4)
m4_include(lib/util/signal.m4)
m4_include(lib/util/util.m4)
diff --git a/source4/heimdal_build/config.m4 b/source4/heimdal_build/config.m4
new file mode 100644
index 0000000000..99aed8c093
--- /dev/null
+++ b/source4/heimdal_build/config.m4
@@ -0,0 +1,23 @@
+
+external_heimdal=no
+AC_MSG_CHECKING([Whether to use external heimdal libraries])
+AC_ARG_ENABLE(external-heimdal,
+[ --enable-external-heimdal Enable external heimdal libraries (experimental,default=no)],
+[ external_heimdal=$enableval ],
+[ external_heimdal=no ])
+AC_MSG_RESULT($external_heimdal)
+
+if test x"$external_heimdal" = x"yes"; then
+
+# external_heimdal_start
+m4_include(heimdal_build/external.m4)
+# external_heimdal_end
+
+else
+
+# internal_heimdal_start
+m4_include(heimdal_build/internal.m4)
+# internal_heimdal_end
+
+fi
+
diff --git a/source4/heimdal_build/external.m4 b/source4/heimdal_build/external.m4
new file mode 100644
index 0000000000..3cd8900a12
--- /dev/null
+++ b/source4/heimdal_build/external.m4
@@ -0,0 +1,54 @@
+# This is every experimental
+# We should really add configure checks
+# to verify the installed heimdal libraries
+# are good enough for our usage!!!
+
+HEIMDAL_KRB5_LIBS="-lkrb5 -lcom_err"
+HEIMDAL_KRB5_CFLAGS=""
+HEIMDAL_KRB5_CPPFLAGS=""
+HEIMDAL_KRB5_LDFLAGS=""
+SMB_EXT_LIB(HEIMDAL_KRB5,
+ [${HEIMDAL_KRB5_LIBS}],
+ [${HEIMDAL_KRB5_CFLAGS}],
+ [${HEIMDAL_KRB5_CPPFLAGS}],
+ [${HEIMDAL_KRB5_LDFLAGS}])
+SMB_ENABLE(HEIMDAL_KRB5)
+AC_DEFINE(HAVE_KRB5,1,[Whether kerberos is available])
+HAVE_KRB5=YES
+AC_DEFINE(HAVE_COM_ERR,1,[Whether com_err is available])
+HAVE_COM_ERR=YES
+
+HEIMDAL_GSSAPI_LIBS="-lgssapi"
+HEIMDAL_GSSAPI_CFLAGS=""
+HEIMDAL_GSSAPI_CPPFLAGS=""
+HEIMDAL_GSSAPI_LDFLAGS=""
+SMB_EXT_LIB(HEIMDAL_GSSAPI,
+ [${HEIMDAL_GSSAPI_LIBS}],
+ [${HEIMDAL_GSSAPI_CFLAGS}],
+ [${HEIMDAL_GSSAPI_CPPFLAGS}],
+ [${HEIMDAL_GSSAPI_LDFLAGS}])
+SMB_ENABLE(HEIMDAL_GSSAPI)
+AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])
+HAVE_GSSAPI=YES
+
+HEIMDAL_HDB_LIBS="-lhdb"
+HEIMDAL_HDB_CFLAGS=""
+HEIMDAL_HDB_CPPFLAGS=""
+HEIMDAL_HDB_LDFLAGS=""
+SMB_EXT_LIB(HEIMDAL_HDB,
+ [${HEIMDAL_HDB_LIBS}],
+ [${HEIMDAL_HDB_CFLAGS}],
+ [${HEIMDAL_HDB_CPPFLAGS}],
+ [${HEIMDAL_HDB_LDFLAGS}])
+SMB_ENABLE(HEIMDAL_HDB)
+
+HEIMDAL_KDC_LIBS="-lkdc"
+HEIMDAL_KDC_CFLAGS=""
+HEIMDAL_KDC_CPPFLAGS=""
+HEIMDAL_KDC_LDFLAGS=""
+SMB_EXT_LIB(HEIMDAL_KDC,
+ [${HEIMDAL_KDC_LIBS}],
+ [${HEIMDAL_KDC_CFLAGS}],
+ [${HEIMDAL_KDC_CPPFLAGS}],
+ [${HEIMDAL_KDC_LDFLAGS}])
+SMB_ENABLE(HEIMDAL_KDC)
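Review bot: `HAVE_KRB5`, `HAVE_COM_ERR` and `HAVE_GSSAPI` are defined unconditionally in this file, so `--enable-external-heimdal=yes` passes configure even when the host has no Heimdal, ships a different Kerberos implementation's `krb5.h`, or carries a Heimdal older than what the bundled copy provides. The header comment already asks for checks; at minimum probe each library before its `SMB_ENABLE`, e.g. `AC_CHECK_HEADERS([krb5.h], [], [AC_MSG_ERROR([external heimdal requested but krb5.h not found])])` and `AC_CHECK_LIB([krb5], [krb5_init_context], [], [AC_MSG_ERROR([libkrb5 not usable])])`. This matters more because the same commit switches `system/kerberos.h` to `#include <krb5.h>`, so the header now comes from whatever the search path finds first. The first comment line also has a typo: `# This is every experimental` should read `# This is very experimental`.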
diff --git a/source4/heimdal_build/internal.m4 b/source4/heimdal_build/internal.m4
index f83fdf7460..9a08022993 100644
--- a/source4/heimdal_build/internal.m4
+++ b/source4/heimdal_build/internal.m4
@@ -236,8 +236,12 @@ AC_MSG_RESULT($LEX_YACC)
# of the samba source tree.
# if we ever get to using a host kerberos, we might add conditionals here
+AC_DEFINE(HAVE_COM_ERR,1,[Whether com_err is available])
+HAVE_COM_ERR=YES
AC_DEFINE(HAVE_KRB5,1,[Whether kerberos is available])
HAVE_KRB5=YES
+AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])
+HAVE_GSSAPI=YES
SMB_ENABLE(KERBEROS_LIB, YES)
SMB_ENABLE(asn1_compile, YES)
SMB_ENABLE(compile_et, YES)
@@ -258,4 +262,6 @@ fi
VPATH="$VPATH:\$(HEIMDAL_VPATH)"
+AC_DEFINE(SAMBA4_INTERNAL_HEIMDAL,1,[Whether we use in internal heimdal build])
+
SMB_INCLUDE_MK(heimdal_build/internal.mk)
diff --git a/source4/heimdal_build/internal.mk b/source4/heimdal_build/internal.mk
index 3fb97fea4c..8c576bd2c6 100644
--- a/source4/heimdal_build/internal.mk
+++ b/source4/heimdal_build/internal.mk
@@ -183,6 +183,7 @@ HEIMDAL_GSSAPI_OBJ_FILES = \
CFLAGS = -I$(heimdalbuildsrcdir) -I$(heimdalsrcdir)/lib/krb5 -I$(heimdalsrcdir)/lib/asn1 -I$(heimdalsrcdir)/lib/com_err
PRIVATE_DEPENDENCIES = HEIMDAL_ROKEN HEIMDAL_PKINIT_ASN1 HEIMDAL_WIND \
HEIMDAL_KRB5_ASN1 HEIMDAL_GLUE HEIMDAL_HX509 HEIMDAL_HCRYPTO
+PUBLIC_DEPENDENCIES = HEIMDAL_COM_ERR
# End SUBSYSTEM HEIMDAL_KRB5
#######################
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 55dadd9a7e..065777fc66 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -38,9 +38,11 @@
#include "param/param.h"
#include "kdc/kdc.h"
-/* TODO: remove this */
-#include "heimdal/lib/krb5/krb5_locl.h"
+/* TODO: remove all SAMBA4_INTERNAL_HEIMDAL stuff from this file */
+#ifdef SAMBA4_INTERNAL_HEIMDAL
+#include "heimdal/lib/hcrypto/aes.h"
#include "heimdal/lib/krb5/krb5-private.h"
+#endif
/* hold information about one kdc socket */
struct kpasswd_socket {
@@ -285,6 +287,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
reply);
}
if (chpw.targname && chpw.targrealm) {
+#ifdef SAMBA4_INTERNAL_HEIMDAL
if (_krb5_principalname2krb5_principal(kdc->smb_krb5_context->krb5_context,
&principal, *chpw.targname,
*chpw.targrealm) != 0) {
@@ -295,6 +298,12 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
reply);
}
+#else /* SAMBA4_INTERNAL_HEIMDAL */
+ return kpasswdd_make_error_reply(kdc, mem_ctx,
+ KRB5_KPASSWD_BAD_VERSION,
+ "Operation Not Implemented",
+ reply);
+#endif /* SAMBA4_INTERNAL_HEIMDAL */
} else {
free_ChangePasswdDataMS(&chpw);
return kpasswdd_change_password(kdc, mem_ctx, session_info,
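Review bot: The added `#else /* SAMBA4_INTERNAL_HEIMDAL */` branch returns without calling `free_ChangePasswdDataMS(&chpw)`, while the `else` branch directly below it frees `chpw` before its own return. In an external-Heimdal build, each request that carries both `targname` and `targrealm` would therefore leak the decoded request structure, which presumably still holds the client-supplied new password. Add `free_ChangePasswdDataMS(&chpw);` as the first statement of the `#else` branch. `KRB5_KPASSWD_BAD_VERSION` also reports an unimplemented operation as a version mismatch, so a short comment explaining that choice would help anyone reading client-side errors. `kpasswd_process_request` starts and ends outside this hunk, so confirm that no later cleanup path already covers `chpw`.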
diff --git a/source4/lib/crypto/sha256.c b/source4/lib/crypto/sha256.c
index 70fe7a3099..a2def25814 100644
--- a/source4/lib/crypto/sha256.c
+++ b/source4/lib/crypto/sha256.c
@@ -39,7 +39,6 @@
*/
#include "includes.h"
-#include "heimdal/lib/hcrypto/hash.h"
#include "sha256.h"
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
@@ -148,6 +147,26 @@ calc (SHA256_CTX *m, uint32_t *in)
*/
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+/* Vector Crays doesn't have a good 32-bit type, or more precisely,
+ int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't
+ want to depend in being able to redefine this type. To cope with
+ this we have to clamp the result in some places to [0,2^32); no
+ need to do this on other machines. Did I say this was a mess?
+ */
+
+#ifdef _CRAY
+#define CRAYFIX(X) ((X) & 0xffffffff)
+#else
+#define CRAYFIX(X) (X)
+#endif
+
+static inline uint32_t
+cshift (uint32_t x, unsigned int n)
+{
+ x = CRAYFIX(x);
+ return CRAYFIX((x << n) | (x >> (32 - n)));
+}
+
static inline uint32_t
swap_uint32_t (uint32_t t)
{
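Review bot: The new `cshift` helper is undefined for `n == 0` and for `n >= 32`, because `x >> (32 - n)` or `x << n` then shifts a 32-bit value by its full width, and nothing on the function states that limit. Add a contract comment above it, for example `/* rotate x left by n bits; caller must pass 1 <= n <= 31 */`. The callers are outside this hunk (the body of `swap_uint32_t` continues past it), so whether every call site uses a constant in that range cannot be confirmed from here.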
@@ -179,7 +198,7 @@ SHA256_Update (SHA256_CTX *m, const void *v, size_t len)
++m->sz[1];
offset = (old_sz / 8) % 64;
while(len > 0){
- size_t l = min(len, 64 - offset);
+ size_t l = MIN(len, 64 - offset);
memcpy(m->save + offset, p, l);
offset += l;
p += l;
diff --git a/source4/lib/replace/system/kerberos.h b/source4/lib/replace/system/kerberos.h
index 78aa7b943f..2981024bee 100644
--- a/source4/lib/replace/system/kerberos.h
+++ b/source4/lib/replace/system/kerberos.h
@@ -129,8 +129,9 @@
/* Whether krb5_princ_realm returns krb5_realm or krb5_data */
#define KRB5_PRINC_REALM_RETURNS_REALM 1
-#include "heimdal/lib/krb5/krb5.h"
-#include "heimdal/lib/com_err/com_err.h"
+#include <krb5.h>
+#include <com_err.h>
+
#endif
#endif
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index 1200f4ed1b..d87683dd6f 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -360,7 +360,7 @@ $(librpcsrcdir)/idl-deps:
clean::
rm -f $(librpcsrcdir)/idl-deps
-include $(librpcsrcdir)/idl-deps
+-include $(librpcsrcdir)/idl-deps
$(gen_ndrsrcdir)/tables.c: $(IDL_NDR_PARSE_H_FILES)
@echo Generating $@