From 4291fdcf3910b37d7dc7ed3849847fb162b5569b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 20 Apr 2012 12:53:11 +0300 Subject: waf: move krb5 checks to a separate waf file With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify configuration and checks for MIT/Heimdal Kerberos implementations. 1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5 2. Make sure they are called same way (--with-mit-krb5-checks) 3. If no configure checks identified MIT krb5 in system (or were disabled), make sure Heimdal build is selected, embedded (default) or system-provided. This makes logic of configuration unchanged for Heimdal builds but adds less hacky way to use MIT krb5 builds. The latter does not work yet as we need to untangle more subsystems from HDB/Heimdal-specific details but lays out a foundation for that. Signed-off-by: Simo Sorce --- source3/wscript | 180 --------------------------------------- wscript | 9 +- wscript_build | 18 ++-- wscript_build_embedded_heimdal | 1 + wscript_build_system_heimdal | 1 + wscript_configure_krb5 | 187 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 205 insertions(+), 191 deletions(-) create mode 100644 wscript_configure_krb5 diff --git a/source3/wscript b/source3/wscript index ef415d08fd..46aa582748 100755 --- a/source3/wscript +++ b/source3/wscript @@ -542,186 +542,6 @@ msg.msg_acctrightslen = sizeof(fd); conf.SET_TARGET_TYPE('ldap', 'EMPTY') conf.SET_TARGET_TYPE('lber', 'EMPTY') - # Check for kerberos - have_gssapi=False - if Options.options.with_mit_krb5_checks: - Logs.info("Looking for kerberos features") - conf.find_program('krb5-config', var='KRB5_CONFIG') - if conf.env.KRB5_CONFIG: - conf.check_cfg(path="krb5-config", args="--cflags --libs", - package="gssapi", uselib_store="KRB5") - conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5') - conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5') - - if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): - conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so' - - conf.CHECK_FUNCS_IN('_et_list', 'com_err') - conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto') - conf.CHECK_FUNCS_IN('des_set_key','crypto') - conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1') - conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken') - if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ - conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): - have_gssapi=True - conf.CHECK_FUNCS_IN(''' - gss_wrap_iov - gss_krb5_import_cred - gss_get_name_attribute - gss_mech_krb5 - gss_oid_equal - gss_inquire_sec_context_by_oid - gsskrb5_extract_authz_data_from_sec_context - gss_krb5_export_lucid_sec_context - ''', 'gssapi gssapi_krb5 krb5') - conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') - conf.CHECK_FUNCS(''' -krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes -krb5_set_default_tgs_ktypes krb5_principal2salt -krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey -krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes -krb5_get_default_in_tkt_etypes krb5_free_data_contents -krb5_principal_get_comp_string krb5_free_unparsed_name -krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init -krb5_krbhst_get_addrinfo -krb5_crypto_init krb5_crypto_destroy -krb5_c_verify_checksum krb5_principal_compare_any_realm -krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request -krb5_get_renewed_creds krb5_free_error_contents -initialize_krb5_error_table krb5_get_init_creds_opt_alloc -krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error -krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype -krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds -krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''', - lib='krb5 k5crypto') - conf.CHECK_DECLS('''krb5_get_credentials_for_user - krb5_auth_con_set_req_cksumtype''', - headers='krb5.h', always=True) - conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h') - conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h') - conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h') - conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h') - conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h') - conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h') - conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h') - conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h', - define='HAVE_KRB5_KEYTAB_ENTRY_KEY') - conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h', - define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK') - conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h', - define='HAVE_MAGIC_IN_KRB5_ADDRESS') - conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h', - define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS') - conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h', - define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ') - - conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h') - - conf.CHECK_CODE(''' -krb5_context ctx; -krb5_get_init_creds_opt *opt = NULL; -krb5_get_init_creds_opt_free(ctx, opt); -''', - 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', - headers='krb5.h', link=False, - msg="Checking whether krb5_get_init_creds_opt_free takes a context argument") - conf.CHECK_CODE(''' -const krb5_data *pkdata; -krb5_context context; -krb5_principal principal; -pkdata = krb5_princ_component(context, principal, 0); -''', - 'HAVE_KRB5_PRINC_COMPONENT', - headers='krb5.h', lib='krb5', - msg="Checking whether krb5_princ_component is available") - - conf.CHECK_CODE(''' -int main(void) { -char buf[256]; -krb5_enctype_to_string(1, buf, 256); -return 0; -}''', - 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG', - headers='krb5.h', lib='krb5 k5crypto', - addmain=False, cflags='-Werror', - msg="Checking whether krb5_enctype_to_string takes size_t argument") - - conf.CHECK_CODE(''' -int main(void) { -krb5_context context = NULL; -char *str = NULL; -krb5_enctype_to_string(context, 1, &str); -if (str) free (str); -return 0; -}''', - 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', - headers='krb5.h stdlib.h', lib='krb5', - addmain=False, cflags='-Werror', - msg="Checking whether krb5_enctype_to_string takes krb5_context argument") - conf.CHECK_CODE(''' -int main(void) { -krb5_context ctx = NULL; -krb5_principal princ = NULL; -const char *str = krb5_princ_realm(ctx, princ)->data; -return 0; -}''', - 'HAVE_KRB5_PRINC_REALM', - headers='krb5.h', lib='krb5', - addmain=False, - msg="Checking whether the macro krb5_princ_realm is defined") - conf.CHECK_CODE(''' -int main(void) { - krb5_context context; - krb5_principal principal; - const char *realm; realm = krb5_principal_get_realm(context, principal); - return 0; -}''', - 'HAVE_KRB5_PRINCIPAL_GET_REALM', - headers='krb5.h', lib='krb5', - addmain=False, - msg="Checking whether krb5_principal_get_realm is defined") - conf.CHECK_CODE(''' -krb5_enctype enctype; -enctype = ENCTYPE_ARCFOUR_HMAC_MD5; -''', - '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available"); - conf.CHECK_CODE(''' -krb5_keytype keytype; -keytype = KEYTYPE_ARCFOUR_56; -''', - '_HAVE_KEYTYPE_ARCFOUR_56', - headers='krb5.h', lib='krb5', - msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available"); - if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'): - conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1') - - conf.CHECK_CODE(''' -krb5_enctype enctype; -enctype = ENCTYPE_ARCFOUR_HMAC; -''', - 'HAVE_ENCTYPE_ARCFOUR_HMAC', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available"); - - conf.CHECK_CODE(''' -krb5_context context; -krb5_keytab keytab; -krb5_init_context(&context); -return krb5_kt_resolve(context, "WRFILE:api", &keytab); -''', - 'HAVE_WRFILE_KEYTAB', - headers='krb5.h', lib='krb5', execute=True, - msg="Checking whether the WRFILE:-keytab is supported"); - - # Check for KRB5_DEPRECATED handling - conf.CHECK_CODE('''#define KRB5_DEPRECATED 1 -#include ''', - 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False, - link=False, - msg="Checking for KRB5_DEPRECATED define taking an identifier") - if Options.options.with_ads: use_ads=True if not conf.CONFIG_SET('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and \ diff --git a/wscript b/wscript index 15e1ce51bf..337643621c 100755 --- a/wscript +++ b/wscript @@ -84,7 +84,14 @@ def configure(conf): conf.RECURSE('dynconfig') conf.RECURSE('lib/ldb') - if not os.getenv('USING_SYSTEM_KRB5'): + if Options.options.with_mit_krb5_checks: + conf.PROCESS_SEPARATE_RULE('krb5') + # Only process heimdal_build for non-MIT KRB5 builds + # When MIT KRB5 checks are done as above, conf.env.KRB5_VENDOR will be set + # to the lowcased output of 'krb5-config --vendor'. + # If it is not set or the output is 'heimdal', we are dealing with + # system-provided or embedded Heimdal build + if conf.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'): conf.RECURSE('source4/heimdal_build') conf.RECURSE('source4/lib/tls') conf.RECURSE('source4/ntvfs/sysdep') diff --git a/wscript_build b/wscript_build index ad790ca506..717d8b0a1a 100644 --- a/wscript_build +++ b/wscript_build @@ -95,7 +95,6 @@ bld.RECURSE('libcli/smb') bld.RECURSE('libcli/util') bld.RECURSE('libcli/cldap') bld.RECURSE('lib/subunit/c') -bld.RECURSE('source4/kdc') bld.RECURSE('lib/smbconf') bld.RECURSE('lib/async_req') bld.RECURSE('libcli/security') @@ -112,17 +111,16 @@ bld.RECURSE('libcli/registry') bld.RECURSE('source4/lib/policy') bld.RECURSE('libcli/named_pipe_auth') -if bld.CONFIG_SET("USING_SYSTEM_KRB5"): - if bld.CONFIG_SET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_SET("KRB5_CONFIG"): - if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") != bld.CONFIG_GET("KRB5_CONFIG"): - # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal, - # it means one is Heimdal-specific (krb5-config.heimdal, for example) - # and there is system heimdal - bld.PROCESS_SEPARATE_RULE('system_heimdal') +if bld.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'): + if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_GET("USING_SYSTEM_KRB5"): + # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal, + # it means one is Heimdal-specific (krb5-config.heimdal, for example) + # and there is system heimdal + bld.PROCESS_SEPARATE_RULE('system_heimdal') else: - bld.PROCESS_SEPARATE_RULE('system_krb5') + bld.PROCESS_SEPARATE_RULE('embedded_heimdal') else: - bld.PROCESS_SEPARATE_RULE('embedded_heimdal') + bld.PROCESS_SEPARATE_RULE('system_mitkrb5') bld.RECURSE('libcli/smbreadline') bld.RECURSE('codepages') diff --git a/wscript_build_embedded_heimdal b/wscript_build_embedded_heimdal index 9b829d83c0..fec28bedf6 100644 --- a/wscript_build_embedded_heimdal +++ b/wscript_build_embedded_heimdal @@ -1,4 +1,5 @@ import Logs Logs.info("\tSelected embedded Heimdal build") +bld.RECURSE('source4/kdc') bld.RECURSE('source4/heimdal_build') diff --git a/wscript_build_system_heimdal b/wscript_build_system_heimdal index 4ea8cd7351..8ec09b4783 100644 --- a/wscript_build_system_heimdal +++ b/wscript_build_system_heimdal @@ -1,4 +1,5 @@ import Logs Logs.info("\tSelected system Heimdal build") +bld.RECURSE('source4/kdc') bld.RECURSE('source4/heimdal_build') diff --git a/wscript_configure_krb5 b/wscript_configure_krb5 new file mode 100644 index 0000000000..2fb1c586fd --- /dev/null +++ b/wscript_configure_krb5 @@ -0,0 +1,187 @@ +import Logs, Options + +# Check for kerberos +have_gssapi=False + +Logs.info("Looking for kerberos features") +conf.find_program('krb5-config.heimdal', var='HEIMDAL_KRB5_CONFIG') +conf.find_program('krb5-config', var='KRB5_CONFIG') +if conf.env.KRB5_CONFIG: + conf.check_cfg(path="krb5-config", args="--cflags --libs", + package="gssapi", uselib_store="KRB5") + vendor = conf.cmd_and_log("%(path)s --vendor" % dict(path=conf.env.KRB5_CONFIG), dict()) + conf.env.KRB5_VENDOR = vendor.strip().lower() + if conf.env.KRB5_VENDOR != 'heimdal': + conf.define('USING_SYSTEM_KRB5', 1) + del conf.env.HEIMDAL_KRB5_CONFIG + +conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5') +conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5') + +if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): + conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so' + +conf.CHECK_FUNCS_IN('_et_list', 'com_err') +conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto') +conf.CHECK_FUNCS_IN('des_set_key','crypto') +conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1') +conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken') +if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ + conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): + have_gssapi=True +conf.CHECK_FUNCS_IN(''' + gss_wrap_iov + gss_krb5_import_cred + gss_get_name_attribute + gss_mech_krb5 + gss_oid_equal + gss_inquire_sec_context_by_oid + gsskrb5_extract_authz_data_from_sec_context + gss_krb5_export_lucid_sec_context + ''', 'gssapi gssapi_krb5 krb5') +conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') +conf.CHECK_FUNCS(''' + krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes + krb5_set_default_tgs_ktypes krb5_principal2salt + krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey + krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes + krb5_get_default_in_tkt_etypes krb5_free_data_contents + krb5_principal_get_comp_string krb5_free_unparsed_name + krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init + krb5_krbhst_get_addrinfo + krb5_crypto_init krb5_crypto_destroy + krb5_c_verify_checksum krb5_principal_compare_any_realm + krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request + krb5_get_renewed_creds krb5_free_error_contents + initialize_krb5_error_table krb5_get_init_creds_opt_alloc + krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error + krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype + krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds + krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''', + lib='krb5 k5crypto') +conf.CHECK_DECLS('''krb5_get_credentials_for_user + krb5_auth_con_set_req_cksumtype''', + headers='krb5.h', always=True) +conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h') +conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h') +conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h') +conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h') +conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h') +conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h') +conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h') +conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h', + define='HAVE_KRB5_KEYTAB_ENTRY_KEY') +conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h', + define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK') +conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h', + define='HAVE_MAGIC_IN_KRB5_ADDRESS') +conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h', + define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS') +conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h', + define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ') + +conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h') + +conf.CHECK_CODE(''' + krb5_context ctx; + krb5_get_init_creds_opt *opt = NULL; + krb5_get_init_creds_opt_free(ctx, opt); + ''', + 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', + headers='krb5.h', link=False, + msg="Checking whether krb5_get_init_creds_opt_free takes a context argument") +conf.CHECK_CODE(''' + const krb5_data *pkdata; + krb5_context context; + krb5_principal principal; + pkdata = krb5_princ_component(context, principal, 0); + ''', + 'HAVE_KRB5_PRINC_COMPONENT', + headers='krb5.h', lib='krb5', + msg="Checking whether krb5_princ_component is available") + +conf.CHECK_CODE(''' + int main(void) { + char buf[256]; + krb5_enctype_to_string(1, buf, 256); + return 0; + }''', + 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG', + headers='krb5.h', lib='krb5 k5crypto', + addmain=False, cflags='-Werror', + msg="Checking whether krb5_enctype_to_string takes size_t argument") + +conf.CHECK_CODE(''' + int main(void) { + krb5_context context = NULL; + char *str = NULL; + krb5_enctype_to_string(context, 1, &str); + if (str) free (str); + return 0; + }''', + 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', + headers='krb5.h stdlib.h', lib='krb5', + addmain=False, cflags='-Werror', + msg="Checking whether krb5_enctype_to_string takes krb5_context argument") +conf.CHECK_CODE(''' + int main(void) { + krb5_context ctx = NULL; + krb5_principal princ = NULL; + const char *str = krb5_princ_realm(ctx, princ)->data; + return 0; + }''', + 'HAVE_KRB5_PRINC_REALM', + headers='krb5.h', lib='krb5', + addmain=False, + msg="Checking whether the macro krb5_princ_realm is defined") +conf.CHECK_CODE(''' + int main(void) { + krb5_context context; + krb5_principal principal; + const char *realm; realm = krb5_principal_get_realm(context, principal); + return 0; + }''', + 'HAVE_KRB5_PRINCIPAL_GET_REALM', + headers='krb5.h', lib='krb5', + addmain=False, + msg="Checking whether krb5_principal_get_realm is defined") +conf.CHECK_CODE(''' + krb5_enctype enctype; + enctype = ENCTYPE_ARCFOUR_HMAC_MD5; + ''', + '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', + headers='krb5.h', lib='krb5', + msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available"); +conf.CHECK_CODE(''' + krb5_keytype keytype; + keytype = KEYTYPE_ARCFOUR_56; + ''', + '_HAVE_KEYTYPE_ARCFOUR_56', + headers='krb5.h', lib='krb5', + msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available"); +if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'): + conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1') + +conf.CHECK_CODE(''' + krb5_enctype enctype; + enctype = ENCTYPE_ARCFOUR_HMAC; + ''', + 'HAVE_ENCTYPE_ARCFOUR_HMAC', + headers='krb5.h', lib='krb5', + msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available"); + +conf.CHECK_CODE(''' + krb5_context context; + krb5_keytab keytab; + krb5_init_context(&context); + return krb5_kt_resolve(context, "WRFILE:api", &keytab); + ''', + 'HAVE_WRFILE_KEYTAB', + headers='krb5.h', lib='krb5', execute=True, + msg="Checking whether the WRFILE:-keytab is supported"); +# Check for KRB5_DEPRECATED handling +conf.CHECK_CODE('''#define KRB5_DEPRECATED 1 + #include ''', + 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False, + link=False, + msg="Checking for KRB5_DEPRECATED define taking an identifier") -- cgit