diff options
| -rwxr-xr-x | source3/wscript | 180 | ||||
| -rwxr-xr-x | wscript | 9 | ||||
| -rw-r--r-- | wscript_build | 18 | ||||
| -rw-r--r-- | wscript_build_embedded_heimdal | 1 | ||||
| -rw-r--r-- | wscript_build_system_heimdal | 1 | ||||
| -rw-r--r-- | wscript_configure_krb5 | 187 |
6 files changed, 205 insertions, 191 deletions
diff --git a/source3/wscript b/source3/wscript index ef415d08fd..46aa582748 100755 --- a/source3/wscript +++ b/source3/wscript @@ -542,186 +542,6 @@ msg.msg_acctrightslen = sizeof(fd); conf.SET_TARGET_TYPE('ldap', 'EMPTY') conf.SET_TARGET_TYPE('lber', 'EMPTY') - # Check for kerberos - have_gssapi=False - if Options.options.with_mit_krb5_checks: - Logs.info("Looking for kerberos features") - conf.find_program('krb5-config', var='KRB5_CONFIG') - if conf.env.KRB5_CONFIG: - conf.check_cfg(path="krb5-config", args="--cflags --libs", - package="gssapi", uselib_store="KRB5") - conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5') - conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5') - - if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): - conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so' - - conf.CHECK_FUNCS_IN('_et_list', 'com_err') - conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto') - conf.CHECK_FUNCS_IN('des_set_key','crypto') - conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1') - conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken') - if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ - conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): - have_gssapi=True - conf.CHECK_FUNCS_IN(''' - gss_wrap_iov - gss_krb5_import_cred - gss_get_name_attribute - gss_mech_krb5 - gss_oid_equal - gss_inquire_sec_context_by_oid - gsskrb5_extract_authz_data_from_sec_context - gss_krb5_export_lucid_sec_context - ''', 'gssapi gssapi_krb5 krb5') - conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') - conf.CHECK_FUNCS(''' -krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes -krb5_set_default_tgs_ktypes krb5_principal2salt -krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey -krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes -krb5_get_default_in_tkt_etypes krb5_free_data_contents -krb5_principal_get_comp_string krb5_free_unparsed_name -krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init -krb5_krbhst_get_addrinfo -krb5_crypto_init krb5_crypto_destroy -krb5_c_verify_checksum krb5_principal_compare_any_realm -krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request -krb5_get_renewed_creds krb5_free_error_contents -initialize_krb5_error_table krb5_get_init_creds_opt_alloc -krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error -krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype -krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds -krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''', - lib='krb5 k5crypto') - conf.CHECK_DECLS('''krb5_get_credentials_for_user - krb5_auth_con_set_req_cksumtype''', - headers='krb5.h', always=True) - conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h') - conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h') - conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h') - conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h') - conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h') - conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h') - conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h') - conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h', - define='HAVE_KRB5_KEYTAB_ENTRY_KEY') - conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h', - define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK') - conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h', - define='HAVE_MAGIC_IN_KRB5_ADDRESS') - conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h', - define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS') - conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h', - define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ') - - conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h') - - conf.CHECK_CODE(''' -krb5_context ctx; -krb5_get_init_creds_opt *opt = NULL; -krb5_get_init_creds_opt_free(ctx, opt); -''', - 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', - headers='krb5.h', link=False, - msg="Checking whether krb5_get_init_creds_opt_free takes a context argument") - conf.CHECK_CODE(''' -const krb5_data *pkdata; -krb5_context context; -krb5_principal principal; -pkdata = krb5_princ_component(context, principal, 0); -''', - 'HAVE_KRB5_PRINC_COMPONENT', - headers='krb5.h', lib='krb5', - msg="Checking whether krb5_princ_component is available") - - conf.CHECK_CODE(''' -int main(void) { -char buf[256]; -krb5_enctype_to_string(1, buf, 256); -return 0; -}''', - 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG', - headers='krb5.h', lib='krb5 k5crypto', - addmain=False, cflags='-Werror', - msg="Checking whether krb5_enctype_to_string takes size_t argument") - - conf.CHECK_CODE(''' -int main(void) { -krb5_context context = NULL; -char *str = NULL; -krb5_enctype_to_string(context, 1, &str); -if (str) free (str); -return 0; -}''', - 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', - headers='krb5.h stdlib.h', lib='krb5', - addmain=False, cflags='-Werror', - msg="Checking whether krb5_enctype_to_string takes krb5_context argument") - conf.CHECK_CODE(''' -int main(void) { -krb5_context ctx = NULL; -krb5_principal princ = NULL; -const char *str = krb5_princ_realm(ctx, princ)->data; -return 0; -}''', - 'HAVE_KRB5_PRINC_REALM', - headers='krb5.h', lib='krb5', - addmain=False, - msg="Checking whether the macro krb5_princ_realm is defined") - conf.CHECK_CODE(''' -int main(void) { - krb5_context context; - krb5_principal principal; - const char *realm; realm = krb5_principal_get_realm(context, principal); - return 0; -}''', - 'HAVE_KRB5_PRINCIPAL_GET_REALM', - headers='krb5.h', lib='krb5', - addmain=False, - msg="Checking whether krb5_principal_get_realm is defined") - conf.CHECK_CODE(''' -krb5_enctype enctype; -enctype = ENCTYPE_ARCFOUR_HMAC_MD5; -''', - '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available"); - conf.CHECK_CODE(''' -krb5_keytype keytype; -keytype = KEYTYPE_ARCFOUR_56; -''', - '_HAVE_KEYTYPE_ARCFOUR_56', - headers='krb5.h', lib='krb5', - msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available"); - if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'): - conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1') - - conf.CHECK_CODE(''' -krb5_enctype enctype; -enctype = ENCTYPE_ARCFOUR_HMAC; -''', - 'HAVE_ENCTYPE_ARCFOUR_HMAC', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available"); - - conf.CHECK_CODE(''' -krb5_context context; -krb5_keytab keytab; -krb5_init_context(&context); -return krb5_kt_resolve(context, "WRFILE:api", &keytab); -''', - 'HAVE_WRFILE_KEYTAB', - headers='krb5.h', lib='krb5', execute=True, - msg="Checking whether the WRFILE:-keytab is supported"); - - # Check for KRB5_DEPRECATED handling - conf.CHECK_CODE('''#define KRB5_DEPRECATED 1 -#include <krb5.h>''', - 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False, - link=False, - msg="Checking for KRB5_DEPRECATED define taking an identifier") - if Options.options.with_ads: use_ads=True if not conf.CONFIG_SET('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and \ @@ -84,7 +84,14 @@ def configure(conf): conf.RECURSE('dynconfig') conf.RECURSE('lib/ldb') - if not os.getenv('USING_SYSTEM_KRB5'): + if Options.options.with_mit_krb5_checks: + conf.PROCESS_SEPARATE_RULE('krb5') + # Only process heimdal_build for non-MIT KRB5 builds + # When MIT KRB5 checks are done as above, conf.env.KRB5_VENDOR will be set + # to the lowcased output of 'krb5-config --vendor'. + # If it is not set or the output is 'heimdal', we are dealing with + # system-provided or embedded Heimdal build + if conf.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'): conf.RECURSE('source4/heimdal_build') conf.RECURSE('source4/lib/tls') conf.RECURSE('source4/ntvfs/sysdep') diff --git a/wscript_build b/wscript_build index ad790ca506..717d8b0a1a 100644 --- a/wscript_build +++ b/wscript_build @@ -95,7 +95,6 @@ bld.RECURSE('libcli/smb') bld.RECURSE('libcli/util') bld.RECURSE('libcli/cldap') bld.RECURSE('lib/subunit/c') -bld.RECURSE('source4/kdc') bld.RECURSE('lib/smbconf') bld.RECURSE('lib/async_req') bld.RECURSE('libcli/security') @@ -112,17 +111,16 @@ bld.RECURSE('libcli/registry') bld.RECURSE('source4/lib/policy') bld.RECURSE('libcli/named_pipe_auth') -if bld.CONFIG_SET("USING_SYSTEM_KRB5"): - if bld.CONFIG_SET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_SET("KRB5_CONFIG"): - if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") != bld.CONFIG_GET("KRB5_CONFIG"): - # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal, - # it means one is Heimdal-specific (krb5-config.heimdal, for example) - # and there is system heimdal - bld.PROCESS_SEPARATE_RULE('system_heimdal') +if bld.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'): + if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_GET("USING_SYSTEM_KRB5"): + # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal, + # it means one is Heimdal-specific (krb5-config.heimdal, for example) + # and there is system heimdal + bld.PROCESS_SEPARATE_RULE('system_heimdal') else: - bld.PROCESS_SEPARATE_RULE('system_krb5') + bld.PROCESS_SEPARATE_RULE('embedded_heimdal') else: - bld.PROCESS_SEPARATE_RULE('embedded_heimdal') + bld.PROCESS_SEPARATE_RULE('system_mitkrb5') bld.RECURSE('libcli/smbreadline') bld.RECURSE('codepages') diff --git a/wscript_build_embedded_heimdal b/wscript_build_embedded_heimdal index 9b829d83c0..fec28bedf6 100644 --- a/wscript_build_embedded_heimdal +++ b/wscript_build_embedded_heimdal @@ -1,4 +1,5 @@ import Logs Logs.info("\tSelected embedded Heimdal build") +bld.RECURSE('source4/kdc') bld.RECURSE('source4/heimdal_build') diff --git a/wscript_build_system_heimdal b/wscript_build_system_heimdal index 4ea8cd7351..8ec09b4783 100644 --- a/wscript_build_system_heimdal +++ b/wscript_build_system_heimdal @@ -1,4 +1,5 @@ import Logs Logs.info("\tSelected system Heimdal build") +bld.RECURSE('source4/kdc') bld.RECURSE('source4/heimdal_build') diff --git a/wscript_configure_krb5 b/wscript_configure_krb5 new file mode 100644 index 0000000000..2fb1c586fd --- /dev/null +++ b/wscript_configure_krb5 @@ -0,0 +1,187 @@ +import Logs, Options + +# Check for kerberos +have_gssapi=False + +Logs.info("Looking for kerberos features") +conf.find_program('krb5-config.heimdal', var='HEIMDAL_KRB5_CONFIG') +conf.find_program('krb5-config', var='KRB5_CONFIG') +if conf.env.KRB5_CONFIG: + conf.check_cfg(path="krb5-config", args="--cflags --libs", + package="gssapi", uselib_store="KRB5") + vendor = conf.cmd_and_log("%(path)s --vendor" % dict(path=conf.env.KRB5_CONFIG), dict()) + conf.env.KRB5_VENDOR = vendor.strip().lower() + if conf.env.KRB5_VENDOR != 'heimdal': + conf.define('USING_SYSTEM_KRB5', 1) + del conf.env.HEIMDAL_KRB5_CONFIG + +conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5') +conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5') + +if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): + conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so' + +conf.CHECK_FUNCS_IN('_et_list', 'com_err') +conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto') +conf.CHECK_FUNCS_IN('des_set_key','crypto') +conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1') +conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken') +if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ + conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): + have_gssapi=True +conf.CHECK_FUNCS_IN(''' + gss_wrap_iov + gss_krb5_import_cred + gss_get_name_attribute + gss_mech_krb5 + gss_oid_equal + gss_inquire_sec_context_by_oid + gsskrb5_extract_authz_data_from_sec_context + gss_krb5_export_lucid_sec_context + ''', 'gssapi gssapi_krb5 krb5') +conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') +conf.CHECK_FUNCS(''' + krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes + krb5_set_default_tgs_ktypes krb5_principal2salt + krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey + krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes + krb5_get_default_in_tkt_etypes krb5_free_data_contents + krb5_principal_get_comp_string krb5_free_unparsed_name + krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init + krb5_krbhst_get_addrinfo + krb5_crypto_init krb5_crypto_destroy + krb5_c_verify_checksum krb5_principal_compare_any_realm + krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request + krb5_get_renewed_creds krb5_free_error_contents + initialize_krb5_error_table krb5_get_init_creds_opt_alloc + krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error + krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype + krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds + krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''', + lib='krb5 k5crypto') +conf.CHECK_DECLS('''krb5_get_credentials_for_user + krb5_auth_con_set_req_cksumtype''', + headers='krb5.h', always=True) +conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h') +conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h') +conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h') +conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h') +conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h') +conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h') +conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h') +conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h', + define='HAVE_KRB5_KEYTAB_ENTRY_KEY') +conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h', + define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK') +conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h', + define='HAVE_MAGIC_IN_KRB5_ADDRESS') +conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h', + define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS') +conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h', + define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ') + +conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h') + +conf.CHECK_CODE(''' + krb5_context ctx; + krb5_get_init_creds_opt *opt = NULL; + krb5_get_init_creds_opt_free(ctx, opt); + ''', + 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', + headers='krb5.h', link=False, + msg="Checking whether krb5_get_init_creds_opt_free takes a context argument") +conf.CHECK_CODE(''' + const krb5_data *pkdata; + krb5_context context; + krb5_principal principal; + pkdata = krb5_princ_component(context, principal, 0); + ''', + 'HAVE_KRB5_PRINC_COMPONENT', + headers='krb5.h', lib='krb5', + msg="Checking whether krb5_princ_component is available") + +conf.CHECK_CODE(''' + int main(void) { + char buf[256]; + krb5_enctype_to_string(1, buf, 256); + return 0; + }''', + 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG', + headers='krb5.h', lib='krb5 k5crypto', + addmain=False, cflags='-Werror', + msg="Checking whether krb5_enctype_to_string takes size_t argument") + +conf.CHECK_CODE(''' + int main(void) { + krb5_context context = NULL; + char *str = NULL; + krb5_enctype_to_string(context, 1, &str); + if (str) free (str); + return 0; + }''', + 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', + headers='krb5.h stdlib.h', lib='krb5', + addmain=False, cflags='-Werror', + msg="Checking whether krb5_enctype_to_string takes krb5_context argument") +conf.CHECK_CODE(''' + int main(void) { + krb5_context ctx = NULL; + krb5_principal princ = NULL; + const char *str = krb5_princ_realm(ctx, princ)->data; + return 0; + }''', + 'HAVE_KRB5_PRINC_REALM', + headers='krb5.h', lib='krb5', + addmain=False, + msg="Checking whether the macro krb5_princ_realm is defined") +conf.CHECK_CODE(''' + int main(void) { + krb5_context context; + krb5_principal principal; + const char *realm; realm = krb5_principal_get_realm(context, principal); + return 0; + }''', + 'HAVE_KRB5_PRINCIPAL_GET_REALM', + headers='krb5.h', lib='krb5', + addmain=False, + msg="Checking whether krb5_principal_get_realm is defined") +conf.CHECK_CODE(''' + krb5_enctype enctype; + enctype = ENCTYPE_ARCFOUR_HMAC_MD5; + ''', + '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', + headers='krb5.h', lib='krb5', + msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available"); +conf.CHECK_CODE(''' + krb5_keytype keytype; + keytype = KEYTYPE_ARCFOUR_56; + ''', + '_HAVE_KEYTYPE_ARCFOUR_56', + headers='krb5.h', lib='krb5', + msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available"); +if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'): + conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1') + +conf.CHECK_CODE(''' + krb5_enctype enctype; + enctype = ENCTYPE_ARCFOUR_HMAC; + ''', + 'HAVE_ENCTYPE_ARCFOUR_HMAC', + headers='krb5.h', lib='krb5', + msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available"); + +conf.CHECK_CODE(''' + krb5_context context; + krb5_keytab keytab; + krb5_init_context(&context); + return krb5_kt_resolve(context, "WRFILE:api", &keytab); + ''', + 'HAVE_WRFILE_KEYTAB', + headers='krb5.h', lib='krb5', execute=True, + msg="Checking whether the WRFILE:-keytab is supported"); +# Check for KRB5_DEPRECATED handling +conf.CHECK_CODE('''#define KRB5_DEPRECATED 1 + #include <krb5.h>''', + 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False, + link=False, + msg="Checking for KRB5_DEPRECATED define taking an identifier") |