summaryrefslogtreecommitdiff
path: root/source4/auth/gensec/config.mk
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22404: more dependencies which should be privateStefan Metzmacher1-8/+6
metze (This used to be commit e0e35965d1eaab182941d17da744b70c4234ca52)
2007-10-10r22397: hopefully fix the build on some aix hosts in the build-farmStefan Metzmacher1-1/+1
we need to make sure -Iheimdal/lib/gssapi comes before -I/usr/local/include metze (This used to be commit a6ba465fa8b0a4a0835593526d3f2670736c2c8e)
2007-10-10r19676: Fix some more dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-4/+5
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19507: Merge my DSO fixes branch. Building Samba's libraries as shared ↵Jelmer Vernooij1-2/+2
libraries works again now, by specifying --enable-dso to configure. (This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
2007-10-10r18155: Add my work in progress, a module to link with Cyrus-SASL, for aAndrew Bartlett1-0/+10
DIGEST-MD5 implemenation in particular. However, I can't make this work: Cyrus-SASL isn't loading the mech... Andrew Bartlett (This used to be commit 0b193d28c896c9d212a536da7d87634543d971a5)
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett1-0/+11
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r15363: Fix dependencies for shared libraryJelmer Vernooij1-2/+3
(This used to be commit f2ca71f1229f4c20296895116c09bacbd6a53b55)
2007-10-10r15304: Fix smbd build, more updates on getting --enable-dso to build againJelmer Vernooij1-1/+1
(This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944)
2007-10-10r15298: Fix the build using a few hacks in the build system.Jelmer Vernooij1-1/+1
Recursive dependencies are now forbidden (the build system will bail out if there are any). I've split up auth_sam.c into auth_sam.c and sam.c. Andrew, please rename sam.c / move its contents to whatever/wherever you think suits best. (This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-4/+4
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14572: Give libraries saner names, remove some .pc files, make some thingsJelmer Vernooij1-1/+1
subsystems in case a library doesn't make sense. (This used to be commit ed382873fd01457a53e0a1e1f5ba6753dfbc0646)
2007-10-10r14497: Fix build with shared librariesJelmer Vernooij1-2/+2
(This used to be commit c74fc55831ca24819ae7f5e0920d0351e2b46a08)
2007-10-10r14492: Fix shared libs - set SO_VERSION to 0 everywhere for now.Jelmer Vernooij1-1/+1
(This used to be commit 4682bc5ce047d81586447b9df82c91ed1fe677cf)
2007-10-10r14484: Install more headersJelmer Vernooij1-2/+2
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
2007-10-10r14327: Replace MAJOR_VERSION/MINOR_VERSION/RELEASE_VERSION with two parameters:Jelmer Vernooij1-3/+2
- VERSION: should contain the current version. Will be made part of the filename. - SO_VERSION: should contain the latest version that this on is compatible to. Will be used for setting the soname of the shared library. Fix sonames and use them on platforms that support them Remove symlinking code. ldconfig will take care of creating the symlinks now that we set the soname. (This used to be commit 7871b07e21c85c63d0ecac4c31b98dc112d18af5)
2007-10-10r14065: build gensec_schannel always static as libnet needs functions from itStefan Metzmacher1-0/+1
metze (This used to be commit 91a3a0b795ebe73d29b69bb40ae9e67b40f90212)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-10/+10
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13938: Around round of splitupsJelmer Vernooij1-0/+1
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij1-0/+2
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r12670: Make a couple of dependencies stricterJelmer Vernooij1-1/+1
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
2007-10-10r12621: INIT_FUNCTION no longer has to be set on librariesJelmer Vernooij1-1/+0
(This used to be commit 7ff1ecdc6fa9e360dedf9737da6ce1941ad5033e)
2007-10-10r12592: Remove some useless dependenciesJelmer Vernooij1-2/+2
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-10/+8
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12254: Add some (hopefully correct) descriptions for libraries that are ↵Jelmer Vernooij1-0/+1
installed. Install pkg-config files. (This used to be commit a86abe84e2cae7c6188c094a92c6b62aace02fdf)
2007-10-10r11382: Require number of required M4 macrosJelmer Vernooij1-0/+1
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM Add some more PUBLIC_HEADERS (This used to be commit 875eb8f4cc658e6aebab070029fd499a726ad520)
2007-10-10r11377: Add support for building LIBRARY elements as shared libraries:Jelmer Vernooij1-1/+4
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries. - Writes out pkg-config files when building shared libs - Supports automatic fallback to MERGEDOBJ (which is the default) or OBJ_LIST (if ld -r is not supported) Building with shared libs reduces the size of the Samba binaries from 197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging). To build with shared libraries support enabled, run: LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status init functions don't get called correctly yet when using shared libs, so you won't be able to actually run anything with success :-) Once init functions are done, I'll look at support for loading shared modules once again. Based on a patch by Peter Novodvorsky (nidd on IRC). (This used to be commit 0b54405685674a2b19a28d77aae5b1136b5a4728)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-8/+8
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r7993: Further work on the Krb5 PAC.Andrew Bartlett1-2/+2
We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2007-10-10r7352: the internal heimdal build change. This changes quite a few things:Andrew Tridgell1-3/+2
- if you want kerberos now, you need to unpack a lorikeet heimdal tree in source/heimdal/. If source/heimdal/ does not exist at configure time then all kerberos features are disabled. You cannot use an external kerberos library for now. That may change later. - moved lib/replace/ config stuff to lib/replace/ and create a lib/replace/replace.h. That allows the heimdal build to use our portability layer, and prevenets duplicate definitions of functions like strlcat() - if you do enable heimdal, then you will need to do 'make HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once I explain the problem to jelmer (the problem is the inability to set a depend without also dragging in the object list of the dependency. We need this for building the heimdal asn1 compiler and et compiler. - disabled all of the m4 checks for external kerberos libraries. I left them in place in auth/kerberos/, but disabled it in configure.in some of the heimdal_build/ code is still very rough, for example I don't correctly detect the correct awk, flex, bison replacements for heimdal_build/build_external.sh. I expect to fix that stuff up over the next few days. (This used to be commit d4648249b2c7fc8b5e7c0fc8d8f92ae043b5691f)
2007-10-10r6810: Rename auth/{ntlmssp,gensec,kerberos} mk and m4 files to be calledTim Potter1-0/+63
config.mk and config.m4 to be consistent with the rest of Samba. (This used to be commit f377c71e4f0d60684326906dfb65e4581294ec34)