From 7fb82a5a247b95bcd981574d6c0db013c954e026 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2012 18:32:41 +1100 Subject: krb5: Require gss_get_name_attribute or Heimdal's PAC parsing to build with krb5 Autobuild-User: Andrew Bartlett Autobuild-Date: Tue Jan 10 23:23:07 CET 2012 on sn-devel-104 --- source3/configure.in | 10 ++++++++++ source3/wscript | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/source3/configure.in b/source3/configure.in index 18c6250361..c0ddc27d0e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3901,6 +3901,7 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_mech_krb5, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS) @@ -4516,6 +4517,15 @@ if test x"$with_ads_support" != x"no"; then fi + if test x"$ac_cv_func_ext_gss_get_name_attribute" != x"yes" ; then + if test x"$ac_cv_func_ext_gsskrb5_extract_authz_data_from_sec_context" != x"yes" -o \ + if test x"$ac_cv_func_ext_gss_inquire_sec_context_by_oid" != x"yes" + then + AC_MSG_WARN(need either gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support) + use_ads=no + fi + fi + if test x"$use_ads" = x"yes"; then AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support]) AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) diff --git a/source3/wscript b/source3/wscript index 35f2b79024..3eafc2d78e 100644 --- a/source3/wscript +++ b/source3/wscript @@ -798,6 +798,17 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab); if not conf.CONFIG_SET('HAVE_KRB5_DECODE_AP_REQ'): Logs.warn("no KRB5_AP_REQ_DECODING_FUNCTION detected") use_ads=False + + # We don't actually use + # gsskrb5_extract_authz_data_from_sec_context, but it is a + # clue that this Heimdal, which does the PAC processing we + # need on the standard gss_inquire_sec_context_by_oid + if not conf.CONFIG_SET('HAVE_GSS_GET_NAME_ATTRIBUTE') and \ + not (conf.CONFIG_SET('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT') and \ + conf.CONFIG_SET('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID')): + Logs.warn("need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support") + use_ads=False + if use_ads: conf.DEFINE('WITH_ADS', '1') conf.DEFINE('HAVE_KRB5', '1') -- cgit