From 2f75b53e8058f80dd7e5cba61e55271f40a8a338 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Fri, 17 Dec 2010 21:51:21 +0100
Subject: heimdal_build: Add version-script for heimdal_base, hx509 and
 hcrypto. Convert hbase and hcrypto to libraries.

---
 source4/heimdal/lib/hx509/version-script.map | 244 +++++++++++++++++++++++++++
 source4/heimdal_build/wscript_build          |  81 ++++-----
 2 files changed, 285 insertions(+), 40 deletions(-)
 create mode 100644 source4/heimdal/lib/hx509/version-script.map

diff --git a/source4/heimdal/lib/hx509/version-script.map b/source4/heimdal/lib/hx509/version-script.map
new file mode 100644
index 0000000000..c0666d81c9
--- /dev/null
+++ b/source4/heimdal/lib/hx509/version-script.map
@@ -0,0 +1,244 @@
+# $Id$
+
+HEIMDAL_X509_1.2 {
+	global:
+		_hx509_cert_assign_key;
+		_hx509_cert_private_key;
+		_hx509_certs_keys_free;
+		_hx509_certs_keys_get;
+		_hx509_expr_eval;
+		_hx509_expr_free;
+		_hx509_expr_parse;
+		_hx509_generate_private_key;
+		_hx509_generate_private_key_bits;
+		_hx509_generate_private_key_free;
+		_hx509_generate_private_key_init;
+		_hx509_generate_private_key_is_ca;
+		_hx509_map_file_os;
+		_hx509_name_from_Name;
+		_hx509_private_key2SPKI;
+		_hx509_private_key_free;
+		_hx509_private_key_ref;
+		_hx509_request_add_dns_name;
+		_hx509_request_add_email;
+		_hx509_request_free;
+		_hx509_request_get_SubjectPublicKeyInfo;
+		_hx509_request_get_name;
+		_hx509_request_init;
+		_hx509_request_parse;
+		_hx509_request_print;
+		_hx509_request_set_SubjectPublicKeyInfo;
+		_hx509_request_set_email;
+		_hx509_request_set_name;
+		_hx509_request_to_pkcs10;
+		_hx509_request_to_pkcs10;
+		_hx509_unmap_file_os;
+		_hx509_write_file;
+		hx509_bitstring_print;
+		hx509_ca_sign;
+		hx509_ca_sign_self;
+		hx509_ca_tbs_add_crl_dp_uri;
+		hx509_ca_tbs_add_eku;
+		hx509_ca_tbs_add_san_hostname;
+		hx509_ca_tbs_add_san_jid;
+		hx509_ca_tbs_add_san_ms_upn;
+		hx509_ca_tbs_add_san_otherName;
+		hx509_ca_tbs_add_san_pkinit;
+		hx509_ca_tbs_add_san_rfc822name;
+		hx509_ca_tbs_free;
+		hx509_ca_tbs_init;
+		hx509_ca_tbs_set_ca;
+		hx509_ca_tbs_set_domaincontroller;
+		hx509_ca_tbs_set_notAfter;
+		hx509_ca_tbs_set_notAfter_lifetime;
+		hx509_ca_tbs_set_notBefore;
+		hx509_ca_tbs_set_proxy;
+		hx509_ca_tbs_set_serialnumber;
+		hx509_ca_tbs_set_spki;
+		hx509_ca_tbs_set_subject;
+		hx509_ca_tbs_set_template;
+		hx509_ca_tbs_set_unique;
+		hx509_ca_tbs_subject_expand;
+		hx509_ca_tbs_template_units;
+		hx509_cert;
+		hx509_cert_attribute;
+		hx509_cert_binary;
+		hx509_cert_check_eku;
+		hx509_cert_cmp;
+		hx509_cert_find_subjectAltName_otherName;
+		hx509_cert_free;
+		hx509_cert_get_SPKI;
+		hx509_cert_get_SPKI_AlgorithmIdentifier;
+		hx509_cert_get_attribute;
+		hx509_cert_get_base_subject;
+		hx509_cert_get_friendly_name;
+		hx509_cert_get_issuer;
+		hx509_cert_get_notAfter;
+		hx509_cert_get_notBefore;
+		hx509_cert_get_serialnumber;
+		hx509_cert_get_subject;
+		hx509_cert_get_issuer_unique_id;
+		hx509_cert_get_subject_unique_id;
+		hx509_cert_init;
+		hx509_cert_init_data;
+		hx509_cert_keyusage_print;
+		hx509_cert_ref;
+		hx509_cert_set_friendly_name;
+		hx509_certs_add;
+		hx509_certs_append;
+		hx509_certs_end_seq;
+		hx509_certs_ref;
+		hx509_certs_filter;
+		hx509_certs_find;
+		hx509_certs_free;
+		hx509_certs_info;
+		hx509_certs_init;
+		hx509_certs_iter;
+		hx509_certs_iter_f;
+		hx509_certs_merge;
+		hx509_certs_next_cert;
+		hx509_certs_start_seq;
+		hx509_certs_store;
+		hx509_ci_print_names;
+		hx509_clear_error_string;
+		hx509_cms_create_signed;
+		hx509_cms_create_signed_1;
+		hx509_cms_decrypt_encrypted;
+		hx509_cms_envelope_1;
+		hx509_cms_unenvelope;
+		hx509_cms_unwrap_ContentInfo;
+		hx509_cms_verify_signed;
+		hx509_cms_wrap_ContentInfo;
+		hx509_context_free;
+		hx509_context_init;
+		hx509_context_set_missing_revoke;
+		hx509_crl_add_revoked_certs;
+		hx509_crl_alloc;
+		hx509_crl_free;
+		hx509_crl_lifetime;
+		hx509_crl_sign;
+		hx509_crypto_aes128_cbc;
+		hx509_crypto_aes256_cbc;
+		hx509_crypto_allow_weak;
+		hx509_crypto_available;
+		hx509_crypto_decrypt;
+		hx509_crypto_des_rsdi_ede3_cbc;
+		hx509_crypto_destroy;
+		hx509_crypto_encrypt;
+		hx509_crypto_enctype_by_name;
+		hx509_crypto_free_algs;
+		hx509_crypto_get_params;
+		hx509_crypto_init;
+		hx509_crypto_provider;
+		hx509_crypto_select;
+		hx509_crypto_set_key_data;
+		hx509_crypto_set_key_name;
+		hx509_crypto_set_padding;
+		hx509_crypto_set_params;
+		hx509_crypto_set_random_key;
+		hx509_env_add;
+		hx509_env_add_binding;
+		hx509_env_find;
+		hx509_env_find_binding;
+		hx509_env_free;
+		hx509_env_init;
+		hx509_env_lfind;
+		hx509_err;
+		hx509_free_error_string;
+		hx509_free_octet_string_list;
+		hx509_general_name_unparse;
+		hx509_get_error_string;
+		hx509_get_one_cert;
+		hx509_lock_add_cert;
+		hx509_lock_add_certs;
+		hx509_lock_add_password;
+		hx509_lock_command_string;
+		hx509_lock_free;
+		hx509_lock_init;
+		hx509_lock_prompt;
+		hx509_lock_reset_certs;
+		hx509_lock_reset_passwords;
+		hx509_lock_reset_promper;
+		hx509_lock_set_prompter;
+		hx509_name_binary;
+		hx509_name_cmp;
+		hx509_name_copy;
+		hx509_name_expand;
+		hx509_name_free;
+		hx509_name_is_null_p;
+		hx509_name_normalize;
+		hx509_name_to_Name;
+		hx509_name_to_string;
+		hx509_ocsp_request;
+		hx509_ocsp_verify;
+		hx509_oid_print;
+		hx509_oid_sprint;
+		hx509_parse_name;
+		hx509_peer_info_add_cms_alg;
+		hx509_peer_info_alloc;
+		hx509_peer_info_free;
+		hx509_peer_info_set_cert;
+		hx509_peer_info_set_cms_algs;
+		hx509_pem_add_header;
+		hx509_pem_find_header;
+		hx509_pem_free_header;
+		hx509_pem_read;
+		hx509_pem_write;
+		hx509_print_stdout;
+		hx509_print_cert;
+		hx509_prompt_hidden;
+		hx509_query_alloc;
+		hx509_query_free;
+		hx509_query_match_cmp_func;
+		hx509_query_match_eku;
+		hx509_query_match_expr;
+		hx509_query_match_friendly_name;
+		hx509_query_match_issuer_serial;
+		hx509_query_match_option;
+		hx509_query_statistic_file;
+		hx509_query_unparse_stats;
+		hx509_revoke_add_crl;
+		hx509_revoke_add_ocsp;
+		hx509_revoke_free;
+		hx509_revoke_init;
+		hx509_revoke_ocsp_print;
+		hx509_revoke_verify;
+		hx509_set_error_string;
+		hx509_set_error_stringv;
+		hx509_signature_md5;
+		hx509_signature_rsa;
+		hx509_signature_rsa_with_md5;
+		hx509_signature_rsa_with_sha1;
+		hx509_signature_rsa_with_sha256;
+		hx509_signature_rsa_with_sha384;
+		hx509_signature_rsa_with_sha512;
+		hx509_signature_sha1;
+		hx509_signature_sha256;
+		hx509_signature_sha384;
+		hx509_signature_sha512;
+		hx509_unparse_der_name;
+		hx509_validate_cert;
+		hx509_validate_ctx_add_flags;
+		hx509_validate_ctx_free;
+		hx509_validate_ctx_init;
+		hx509_validate_ctx_set_print;
+		hx509_verify_attach_anchors;
+		hx509_verify_attach_revoke;
+		hx509_verify_ctx_f_allow_default_trustanchors;
+		hx509_verify_destroy_ctx;
+		hx509_verify_hostname;
+		hx509_verify_init_ctx;
+		hx509_verify_path;
+		hx509_verify_set_max_depth;
+		hx509_verify_set_proxy_certificate;
+		hx509_verify_set_strict_rfc3280_verification;
+		hx509_verify_set_time;
+		hx509_verify_signature;
+		hx509_xfree;
+		initialize_hx_error_table_r;
+		# pkcs11 symbols
+		C_GetFunctionList;
+	local:
+		*;
+};
+
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index d6cbaa1ff4..1a4723d2f8 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -368,32 +368,12 @@ HEIMDAL_ASN1('HEIMDAL_GSSAPI_ASN1',
     )
 
 
-HEIMDAL_ASN1('HEIMDAL_KRB5_ASN1',
-    'lib/asn1/krb5.asn1',
-    option_file='lib/asn1/krb5.opt',
-    directory='lib/asn1'
-    )
-
-
 HEIMDAL_ASN1('HEIMDAL_DIGEST_ASN1',
     'lib/asn1/digest.asn1',
     directory='lib/asn1'
     )
 
 
-HEIMDAL_ASN1('HEIMDAL_RFC2459_ASN1',
-    'lib/asn1/rfc2459.asn1',
-    options='--preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints',
-    directory='lib/asn1'
-    )
-
-
-HEIMDAL_ASN1('HEIMDAL_PKINIT_ASN1',
-    'lib/asn1/pkinit.asn1',
-    directory='lib/asn1'
-    )
-
-
 HEIMDAL_ASN1('HEIMDAL_KX509_ASN1',
     'lib/asn1/kx509.asn1',
     directory='lib/asn1'
@@ -516,7 +496,7 @@ KDC_SOURCE='kdc/default_config.c kdc/kerberos5.c kdc/krb5tgs.c kdc/pkinit.c kdc/
 
 HEIMDAL_LIBRARY('kdc', source=KDC_SOURCE,
                     includes='../heimdal/kdc',
-                    deps='roken krb5 hdb asn1 HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 heimntlm HEIMDAL_HCRYPTO com_err wind HEIMDAL_BASE',
+                    deps='roken krb5 hdb asn1 HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 heimntlm hcrypto com_err wind hbase',
                     vnum='2.0.0',
                     version_script='kdc/version-script.map')
 HEIMDAL_AUTOPROTO('kdc/kdc-protos.h', KDC_SOURCE)
@@ -529,7 +509,7 @@ HEIMNTLM_SOURCE = 'lib/ntlm/ntlm.c'
 HEIMDAL_LIBRARY('heimntlm',
                     source=HEIMNTLM_SOURCE,
                     includes='../heimdal/lib/ntlm',
-                    deps='roken HEIMDAL_HCRYPTO krb5',
+                    deps='roken hcrypto krb5',
                     vnum='1.0.1',
                     version_script='lib/ntlm/version-script.map',
     )
@@ -539,7 +519,7 @@ HEIMDAL_AUTOPROTO('lib/ntlm/heimntlm-protos.h', HEIMNTLM_SOURCE)
 HEIMDAL_SUBSYSTEM('HEIMDAL_HDB_KEYS',
     'lib/hdb/keys.c',
     includes='../heimdal/lib/hdb',
-    deps='roken HEIMDAL_HCRYPTO krb5 HEIMDAL_HDB_ASN1'
+    deps='roken hcrypto krb5 HEIMDAL_HDB_ASN1'
     )
 
 
@@ -552,7 +532,7 @@ HEIMDAL_LIBRARY('hdb',
     version_script='lib/hdb/version-script.map',
     source=HDB_SOURCE,
     includes='../heimdal/lib/hdb',
-    deps='krb5 HEIMDAL_HDB_KEYS roken HEIMDAL_HCRYPTO com_err HEIMDAL_HDB_ASN1 wind',
+    deps='krb5 HEIMDAL_HDB_KEYS roken hcrypto com_err HEIMDAL_HDB_ASN1 wind',
     vnum='11.0.2',
     )
 HEIMDAL_AUTOPROTO('lib/hdb/hdb-protos.h', HDB_SOURCE)
@@ -602,7 +582,7 @@ lib/gssapi/mech/gss_import_name.c lib/gssapi/mech/gss_duplicate_name.c lib/gssap
 lib/gssapi/mech/gss_export_sec_context.c lib/gssapi/mech/gss_inquire_context.c lib/gssapi/mech/gss_release_name.c
 lib/gssapi/mech/gss_set_cred_option.c  lib/gssapi/mech/gss_pseudo_random.c ../heimdal_build/gssapi-glue.c''',
     includes='../heimdal/lib/gssapi ../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech',
-    deps='HEIMDAL_HCRYPTO asn1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_GSSAPI_ASN1 roken krb5 com_err wind',
+    deps='hcrypto asn1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_GSSAPI_ASN1 roken krb5 com_err wind',
     vnum='2.0.0',
     version_script='lib/gssapi/version-script.map',
     )
@@ -612,7 +592,7 @@ HEIMDAL_SUBSYSTEM('HEIMDAL_CONFIG',
                   'lib/krb5/expand_path.c lib/krb5/plugin.c lib/krb5/context.c',
                   includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include',
                   cflags=bld.dynconfig_cflags('LIBDIR BINDIR LIBEXECDIR SBINDIR'),
-                  deps='HEIMDAL_HCRYPTO HEIMDAL_BASE wind hx509 com_err'
+                  deps='hcrypto hbase wind hx509 com_err'
                   )
 
 KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list(
@@ -655,7 +635,7 @@ KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list(
 HEIMDAL_LIBRARY('krb5', KRB5_SOURCE,
     version_script='lib/krb5/version-script.map',
                     includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include',
-            deps='roken HEIMDAL_PKINIT_ASN1 wind HEIMDAL_KRB5_ASN1 hx509 HEIMDAL_HCRYPTO samba-hostconfig intl com_err HEIMDAL_CONFIG HEIMDAL_BASE',
+            deps='roken wind asn1 hx509 hcrypto samba-hostconfig intl com_err HEIMDAL_CONFIG hbase',
             vnum='26.0.0',
                     )
 KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c']
@@ -692,9 +672,32 @@ if not bld.CONFIG_SET("USING_SYSTEM_ASN1"):
         deps='roken com_err'
         )
 
+    HEIMDAL_ASN1('HEIMDAL_RFC2459_ASN1',
+        'lib/asn1/rfc2459.asn1',
+        options='--preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints',
+        directory='lib/asn1'
+        )
+
+    HEIMDAL_ASN1('HEIMDAL_KRB5_ASN1',
+        'lib/asn1/krb5.asn1',
+        option_file='lib/asn1/krb5.opt',
+        directory='lib/asn1'
+        )
+
+    HEIMDAL_ASN1('HEIMDAL_PKINIT_ASN1',
+        'lib/asn1/pkinit.asn1',
+        directory='lib/asn1'
+        )
+
+    HEIMDAL_ASN1('HEIMDAL_CMS_ASN1',
+        'lib/asn1/cms.asn1',
+        option_file='lib/asn1/cms.opt',
+        directory='lib/asn1'
+        )
+
     HEIMDAL_LIBRARY('asn1',
             version_script='lib/asn1/version-script.map',
-            deps="HEIMDAL_HEIM_ASN1",
+            deps="HEIMDAL_HEIM_ASN1 HEIMDAL_RFC2459_ASN1 HEIMDAL_KRB5_ASN1 HEIMDAL_PKINIT_ASN1 HEIMDAL_CMS_ASN1",
             source='',
             vnum='8.0.0')
 
@@ -705,17 +708,20 @@ if not bld.CONFIG_SET("USING_SYSTEM_TOMMATH"):
             includes='../heimdal/lib/hcrypto/libtommath'
         )
 
-# FIXME: This should be a library:
-HEIMDAL_SUBSYSTEM('HEIMDAL_HCRYPTO',
+HEIMDAL_LIBRARY('hcrypto',
     'lib/hcrypto/aes.c lib/hcrypto/bn.c lib/hcrypto/dh.c lib/hcrypto/dh-ltm.c lib/hcrypto/des.c lib/hcrypto/dsa.c lib/hcrypto/engine.c lib/hcrypto/md2.c lib/hcrypto/md4.c lib/hcrypto/md5.c lib/hcrypto/rsa.c lib/hcrypto/rsa-ltm.c lib/hcrypto/rc2.c lib/hcrypto/rc4.c lib/hcrypto/rijndael-alg-fst.c lib/hcrypto/rnd_keys.c lib/hcrypto/sha.c lib/hcrypto/sha256.c lib/hcrypto/sha512.c lib/hcrypto/ui.c lib/hcrypto/evp.c lib/hcrypto/evp-hcrypto.c lib/hcrypto/pkcs5.c lib/hcrypto/pkcs12.c lib/hcrypto/rand.c lib/hcrypto/rand-egd.c lib/hcrypto/rand-unix.c lib/hcrypto/rand-fortuna.c lib/hcrypto/rand-timer.c lib/hcrypto/hmac.c lib/hcrypto/camellia.c lib/hcrypto/camellia-ntt.c lib/hcrypto/common.c lib/hcrypto/validate.c',
     includes='../heimdal/lib/hcrypto ../heimdal/lib ../heimdal/include',
-    deps='roken asn1 HEIMDAL_RFC2459_ASN1 tommath'
+    deps='roken asn1 tommath',
+    version_script='lib/hcrypto/version-script.map',
+    vnum='5.0.1',
     )
 
-HEIMDAL_SUBSYSTEM('HEIMDAL_BASE',
+HEIMDAL_LIBRARY('hbase',
     'base/array.c base/bool.c base/dict.c base/heimbase.c base/string.c base/number.c base/null.c',
     includes='../heimdal/base ../heimdal/include',
-    deps='roken replace'
+    deps='roken replace',
+    version_script='base/version-script.map',
+    vnum='1.0.0',
     )
 
 
@@ -744,12 +750,6 @@ if not bld.CONFIG_SET("USING_SYSTEM_HX509"):
         directory='lib/asn1'
         )
 
-    HEIMDAL_ASN1('HEIMDAL_CMS_ASN1',
-        'lib/asn1/cms.asn1',
-        option_file='lib/asn1/cms.opt',
-        directory='lib/asn1'
-        )
-
     HEIMDAL_ASN1('HEIMDAL_PKCS10_ASN1',
         'lib/hx509/pkcs10.asn1',
         options='--preserve-binary=CertificationRequestInfo',
@@ -798,8 +798,9 @@ if not bld.CONFIG_SET("USING_SYSTEM_HX509"):
     HEIMDAL_LIBRARY('hx509',
         'lib/hx509/ca.c lib/hx509/cert.c lib/hx509/cms.c lib/hx509/collector.c lib/hx509/crypto.c lib/hx509/error.c lib/hx509/env.c lib/hx509/file.c lib/hx509/keyset.c lib/hx509/ks_dir.c lib/hx509/ks_file.c lib/hx509/ks_keychain.c lib/hx509/ks_mem.c lib/hx509/ks_null.c lib/hx509/ks_p11.c lib/hx509/ks_p12.c lib/hx509/lock.c lib/hx509/name.c lib/hx509/peer.c lib/hx509/print.c lib/hx509/req.c lib/hx509/revoke.c lib/hx509/sel.c lib/hx509/hx509_err.c lib/hx509/sel-lex.c lib/hx509/sel-gram.c',
         includes='../heimdal/lib/hx509',
-        deps='roken com_err asn1 HEIMDAL_HCRYPTO HEIMDAL_CMS_ASN1 HEIMDAL_RFC2459_ASN1 HEIMDAL_OCSP_ASN1 HEIMDAL_PKCS8_ASN1 HEIMDAL_PKCS9_ASN1 HEIMDAL_PKCS12_ASN1 HEIMDAL_PKINIT_ASN1 HEIMDAL_PKCS10_ASN1 wind HEIMDAL_KRB5_ASN1',
+        deps='roken com_err asn1 hcrypto asn1 HEIMDAL_OCSP_ASN1 HEIMDAL_PKCS8_ASN1 HEIMDAL_PKCS9_ASN1 HEIMDAL_PKCS12_ASN1 HEIMDAL_PKCS10_ASN1 wind',
         vnum='5.0.0',
+        version_script='lib/hx509/version-script.map',
         )
 
 if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
-- 
cgit