From 2ddf89a2bc3c00b71dec230f071416e594f89113 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 21 May 2012 12:45:12 +0300 Subject: Introduce system MIT krb5 build with --with-system-mitkrb5 option. System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests. --- wscript_configure_krb5 | 208 ------------------------------------------------- 1 file changed, 208 deletions(-) delete mode 100644 wscript_configure_krb5 (limited to 'wscript_configure_krb5') diff --git a/wscript_configure_krb5 b/wscript_configure_krb5 deleted file mode 100644 index ba7ecf3c16..0000000000 --- a/wscript_configure_krb5 +++ /dev/null @@ -1,208 +0,0 @@ -import Logs, Options - -# Check for kerberos -have_gssapi=False - -conf.check_cfg(args="--cflags --libs", package="com_err", uselib_store="com_err") -conf.CHECK_FUNCS_IN('_et_list', 'com_err') -conf.CHECK_HEADERS('com_err.h', lib='com_err') - -Logs.info("Looking for kerberos features") -conf.find_program('krb5-config.heimdal', var='HEIMDAL_KRB5_CONFIG') -conf.find_program('krb5-config', var='KRB5_CONFIG') -if conf.env.KRB5_CONFIG: - conf.check_cfg(path="krb5-config", args="--cflags --libs", - package="gssapi", uselib_store="KRB5") - vendor = conf.cmd_and_log("%(path)s --vendor" % dict(path=conf.env.KRB5_CONFIG), dict()) - conf.env.KRB5_VENDOR = vendor.strip().lower() - if conf.env.KRB5_VENDOR != 'heimdal': - conf.define('USING_SYSTEM_KRB5', 1) - del conf.env.HEIMDAL_KRB5_CONFIG - -conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5') -conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h', lib='krb5') - -conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto') -conf.CHECK_FUNCS_IN('des_set_key','crypto') -conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1') -conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken') -if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \ - conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'): - have_gssapi=True -conf.CHECK_FUNCS_IN(''' - gss_wrap_iov - gss_krb5_import_cred - gss_get_name_attribute - gss_mech_krb5 - gss_oid_equal - gss_inquire_sec_context_by_oid - gsskrb5_extract_authz_data_from_sec_context - gss_krb5_export_lucid_sec_context - gss_import_cred gss_export_cred - ''', 'gssapi gssapi_krb5 krb5') -conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5') -conf.CHECK_FUNCS(''' - krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes - krb5_set_default_tgs_ktypes krb5_principal2salt - krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey - krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes - krb5_get_default_in_tkt_etypes krb5_free_data_contents - krb5_principal_get_comp_string krb5_free_unparsed_name - krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init - krb5_krbhst_get_addrinfo - krb5_crypto_init krb5_crypto_destroy - krb5_c_verify_checksum krb5_principal_compare_any_realm - krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request - krb5_get_renewed_creds krb5_free_error_contents - initialize_krb5_error_table krb5_get_init_creds_opt_alloc - krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error - krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype - krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds - krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm - krb5_get_init_creds_keyblock krb5_get_init_creds_keytab - krb5_make_principal krb5_build_principal_alloc_va - krb5_cc_get_lifetime krb5_cc_retrieve_cred - krb5_free_checksum_contents krb5_c_make_checksum''', - lib='krb5 k5crypto') -conf.CHECK_DECLS('''krb5_get_credentials_for_user - krb5_auth_con_set_req_cksumtype''', - headers='krb5.h', always=True) -conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h') -conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h') -conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h') -conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h') -conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h') -conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h') -conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h') -conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h', - define='HAVE_KRB5_KEYTAB_ENTRY_KEY') -conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h', - define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK') -conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h', - define='HAVE_MAGIC_IN_KRB5_ADDRESS') -conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h', - define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS') -conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h', - define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ') - -conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h') - -conf.CHECK_CODE(''' - krb5_context ctx; - krb5_get_init_creds_opt *opt = NULL; - krb5_get_init_creds_opt_free(ctx, opt); - ''', - 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', - headers='krb5.h', link=False, - msg="Checking whether krb5_get_init_creds_opt_free takes a context argument") -conf.CHECK_CODE(''' - const krb5_data *pkdata; - krb5_context context; - krb5_principal principal; - pkdata = krb5_princ_component(context, principal, 0); - ''', - 'HAVE_KRB5_PRINC_COMPONENT', - headers='krb5.h', lib='krb5', - msg="Checking whether krb5_princ_component is available") - -conf.CHECK_CODE(''' - int main(void) { - char buf[256]; - krb5_enctype_to_string(1, buf, 256); - return 0; - }''', - 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG', - headers='krb5.h', lib='krb5 k5crypto', - addmain=False, cflags='-Werror', - msg="Checking whether krb5_enctype_to_string takes size_t argument") - -conf.CHECK_CODE(''' - int main(void) { - krb5_context context = NULL; - char *str = NULL; - krb5_enctype_to_string(context, 1, &str); - if (str) free (str); - return 0; - }''', - 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', - headers='krb5.h stdlib.h', lib='krb5', - addmain=False, cflags='-Werror', - msg="Checking whether krb5_enctype_to_string takes krb5_context argument") -conf.CHECK_CODE(''' - int main(void) { - krb5_context ctx = NULL; - krb5_principal princ = NULL; - const char *str = krb5_princ_realm(ctx, princ)->data; - return 0; - }''', - 'HAVE_KRB5_PRINC_REALM', - headers='krb5.h', lib='krb5', - addmain=False, - msg="Checking whether the macro krb5_princ_realm is defined") -conf.CHECK_CODE(''' - int main(void) { - krb5_context context; - krb5_principal principal; - const char *realm; realm = krb5_principal_get_realm(context, principal); - return 0; - }''', - 'HAVE_KRB5_PRINCIPAL_GET_REALM', - headers='krb5.h', lib='krb5', - addmain=False, - msg="Checking whether krb5_principal_get_realm is defined") -conf.CHECK_CODE(''' - krb5_enctype enctype; - enctype = ENCTYPE_ARCFOUR_HMAC_MD5; - ''', - '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available"); -conf.CHECK_CODE(''' - krb5_enctype enctype; - enctype = ENCTYPE_ARCFOUR_HMAC_MD5_56; - ''', - '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5_56 key type definition is available"); -conf.CHECK_CODE(''' - krb5_keytype keytype; - keytype = KEYTYPE_ARCFOUR_56; - ''', - '_HAVE_KEYTYPE_ARCFOUR_56', - headers='krb5.h', lib='krb5', - msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available"); -if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'): - conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1') -if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'): - conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56', '1') - -conf.CHECK_CODE(''' - krb5_enctype enctype; - enctype = ENCTYPE_ARCFOUR_HMAC; - ''', - 'HAVE_ENCTYPE_ARCFOUR_HMAC', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available"); -conf.CHECK_CODE(''' - krb5_enctype enctype; - enctype = ENCTYPE_ARCFOUR_HMAC_EXP; - ''', - 'HAVE_ENCTYPE_ARCFOUR_HMAC_EXP', - headers='krb5.h', lib='krb5', - msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_EXP key type definition is available"); - -conf.CHECK_CODE(''' - krb5_context context; - krb5_keytab keytab; - krb5_init_context(&context); - return krb5_kt_resolve(context, "WRFILE:api", &keytab); - ''', - 'HAVE_WRFILE_KEYTAB', - headers='krb5.h', lib='krb5', execute=True, - msg="Checking whether the WRFILE:-keytab is supported"); -# Check for KRB5_DEPRECATED handling -conf.CHECK_CODE('''#define KRB5_DEPRECATED 1 - #include ''', - 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False, - link=False, - msg="Checking for KRB5_DEPRECATED define taking an identifier") -- cgit