diff options
| -rw-r--r-- | auth/kerberos/gssapi_pac.c | 24 | ||||
| -rw-r--r-- | lib/replace/system/kerberos.h | 4 | ||||
| -rw-r--r-- | source3/configure.in | 26 | ||||
| -rw-r--r-- | source3/wscript | 2 |
4 files changed, 49 insertions, 7 deletions
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index d89a649ff2..e115cfe85c 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -23,6 +23,30 @@ #include "libcli/auth/krb5_wrap.h" +#if 0 +/* FIXME - need proper configure/waf test + * to determine if gss_mech_krb5 and friends + * exist. JRA. + */ +/* + * These are not exported by Solaris -lkrb5 + * Maybe move to libreplace somewhere? + */ +static const gss_OID_desc krb5_gss_oid_array[] = { + /* this is the official, rfc-specified OID */ + { 9, "\052\206\110\206\367\022\001\002\002" }, + /* this is the pre-RFC mech OID */ + { 5, "\053\005\001\005\002" }, + /* this is the unofficial, incorrect mech OID emitted by MS */ + { 9, "\052\206\110\202\367\022\001\002\002" }, + { 0, 0 } +}; + +const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+0; +const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+1; +const gss_OID_desc * const gss_mech_krb5_wrong = krb5_gss_oid_array+2; +#endif + /* The Heimdal OID for getting the PAC */ #define EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 8 /* EXTRACTION OID AUTHZ ID */ diff --git a/lib/replace/system/kerberos.h b/lib/replace/system/kerberos.h index 6d8c59f9b5..ec3eff17c7 100644 --- a/lib/replace/system/kerberos.h +++ b/lib/replace/system/kerberos.h @@ -37,7 +37,9 @@ #include <com_err.h> #endif -#if HAVE_GSSAPI_GSSAPI_H +#if HAVE_GSSAPI_GSSAPI_EXT_H +#include <gssapi/gssapi_ext.h> +#elif HAVE_GSSAPI_GSSAPI_H #include <gssapi/gssapi.h> #elif HAVE_GSSAPI_GSSAPI_GENERIC_H #include <gssapi/gssapi_generic.h> diff --git a/source3/configure.in b/source3/configure.in index f9263f6e82..11dbc2872e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3579,16 +3579,16 @@ else # Check to see whether there is enough LDAP functionality to be able # to build AD support. -# HPUX only has ldap_init; ok, we take care of this in smbldap.c +# HPUX and Solaris only has ldap_init; ok, we take care of this in smbldap.c case "$host_os" in - *hpux*) + *hpux* | *solaris*) AC_CHECK_FUNC_EXT(ldap_init,$LDAP_LIBS) if test x"$ac_cv_func_ext_ldap_init" != x"yes"; then if test x"$with_ads_support" = x"yes"; then - AC_MSG_ERROR(Active Directory support on HPUX requires ldap_init) + AC_MSG_ERROR(Active Directory support on HPUX or Solaris requires ldap_init) elif test x"$with_ads_support" = x"auto"; then - AC_MSG_WARN(Disabling Active Directory support (requires ldap_init on HPUX)) + AC_MSG_WARN(Disabling Active Directory support (requires ldap_init on HPUX or Solaris)) with_ads_support=no fi fi @@ -3638,7 +3638,6 @@ if test x"$with_ads_support" != x"no"; then ;; yes) AC_MSG_RESULT(/usr) - FOUND_KRB5=yes ;; *) AC_MSG_RESULT($withval) @@ -3727,6 +3726,21 @@ if test x"$with_ads_support" != x"no"; then fi fi + if test x$FOUND_KRB5 = x"no"; then + ################################################# + # see if this box has Solaris MIT kerberos implementation + AC_MSG_CHECKING(for Solaris MIT kerberos) + if test -x "$KRB5CONFIG" && $KRB5CONFIG --version | grep -s Solaris | grep -s MIT > /dev/null ; then + FOUND_KRB5=yes + KRB5_LIBS="-lgss -lkrb5" + KRB5_CFLAGS="`$KRB5CONFIG --cflags`" + KRB5_CPPFLAGS="`$KRB5CONFIG --cflags`" + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi + fi + ac_save_CFLAGS=$CFLAGS ac_save_CPPFLAGS=$CPPFLAGS ac_save_LDFLAGS=$LDFLAGS @@ -3816,6 +3830,7 @@ if test x"$with_ads_support" != x"no"; then # now see if we can find the gssapi libs in standard paths if test x"$have_gssapi" != x"yes"; then AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],have_gssapi=yes) + AC_CHECK_LIB_EXT(gss, KRB5_LIBS,gss_display_status,[],[],have_gssapi=yes) AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS) fi @@ -3870,6 +3885,7 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(gss_mech_krb5, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS) diff --git a/source3/wscript b/source3/wscript index 55b62d1c7e..583e97af0f 100644 --- a/source3/wscript +++ b/source3/wscript @@ -632,7 +632,7 @@ msg.msg_acctrightslen = sizeof(fd); if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): have_gssapi=True - conf.CHECK_FUNCS_IN('gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_oid_equal gss_inquire_sec_context_by_oid', 'gssapi gssapi_krb5 krb5') + conf.CHECK_FUNCS_IN('gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_mech_krb5 gss_oid_equal gss_inquire_sec_context_by_oid', 'gssapi gssapi_krb5 krb5') conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') conf.CHECK_FUNCS(''' krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes |