1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
|
#!/usr/bin/env python
# Waf build script for Samba 4's bundled Heimdal.
# Unless explicitly requested by the user (e.g.
# "./configure --bundled-libraries=!asn1_compile") this will always use the
# bundled Heimdal, even if a system heimdal was found. The reason
# for this is that our checks for the system heimdal are not accurate
# enough yet to know if it is usable (some bug fix might be missing,
# compile_et might not generate the expected code, etc).
import Logs, sys
conf.CHECK_TYPE('u_char', 'uint8_t')
conf.CHECK_TYPE('u_int32_t', 'uint32_t')
conf.CHECK_HEADERS('err.h')
conf.CHECK_HEADERS('ifaddrs.h')
conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h
sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h
sys/utsname.h time.h timezone.h ttyname.h netinet/in.h
netinet/in6.h netinet6/in6.h libintl.h''')
conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True)
conf.CHECK_FUNCS('''atexit cgetent getprogname setprogname gethostname
putenv rcmd readv sendmsg setitimer strlwr strncasecmp
strptime strsep strsep_copy strtok_r strupr swab umask uname unsetenv
closefrom err warn errx warnx flock writev''')
if conf.CHECK_FUNCS('strerror_r'):
# Check if strerror_r is BSD compatible (default GNU implementation is not what Heimdal expects)
conf.CHECK_CODE('int strerror_r(int errnum, char *buf, size_t buflen);',
'STRERROR_R_PROTO_COMPATIBLE',
headers='string.h', addmain=False, link=False,
msg="Checking for XSI (rather than GNU) prototype for strerror_r")
conf.CHECK_FUNCS_IN('hstrerror', 'resolv socket nsl', checklibc=True)
conf.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent gethostent_r
sethostent endhostent getipnodebyaddr freehostent gethostbyname
gethostbyname_r gethostbyaddr''',
'socket nsl',
checklibc=True)
conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h')
conf.CHECK_FUNCS('iruserok')
conf.CHECK_FUNCS('bswap16')
conf.CHECK_FUNCS('bswap32')
conf.CHECK_TYPE('struct winsize', define='HAVE_STRUCT_WINSIZE', headers='sys/termios.h sys/ioctl.h')
conf.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_xpixel',
define='HAVE_WS_XPIXEL', headers='sys/termios.h sys/ioctl.h')
conf.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_ypixel',
define='HAVE_WS_YPIXEL', headers='sys/termios.h sys/ioctl.h')
conf.DEFINE('HAVE_KRB_STRUCT_WINSIZE', 1)
conf.DEFINE('VOID_RETSIGTYPE', 1)
conf.CHECK_VARIABLE('h_errno', headers='netdb.h')
# strangely enough, we need it with another define too
conf.CHECK_DECLS('h_errno', headers='netdb.h')
conf.CHECK_FUNCS_IN('res_search res_nsearch res_ndestroy dns_search dn_expand', 'resolv',
checklibc=True, headers='netinet/in.h arpa/nameser.h resolv.h dns.h')
conf.CHECK_VARIABLE('_res', headers='netinet/in.h arpa/nameser.h resolv.h')
conf.CHECK_DECLS('_res', headers='netinet/in.h arpa/nameser.h resolv.h')
conf.CHECK_FUNCS_IN('openpty', 'util', checklibc=True, headers='pty.h util.h libutil.h')
conf.DEFINE('HAVE_KRB5',1)
conf.CHECK_FUNCS('dirfd', headers='dirent.h')
conf.CHECK_DECLS('dirfd', reverse=True, headers='dirent.h')
conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='dirent.h')
conf.DEFINE('SAMBA4_USES_HEIMDAL', 1)
# setup the right defines for a in-tree heimdal build
Logs.info("Using in-tree heimdal kerberos defines")
conf.define('HAVE_GSSAPI_GSSAPI_H', 1)
conf.define('HAVE_GSSAPI_GSSAPI_KRB5_H', 1)
conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
conf.define('HAVE_KRB5_ADDRESSES', 1)
conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
conf.define('HAVE_COM_ERR_H', 1)
conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
conf.define('HAVE_GSS_DISPLAY_STATUS', 1)
conf.define('HAVE_GSS_WRAP_IOV', 1)
conf.define('HAVE_GSS_KRB5_IMPORT_CRED', 1)
conf.define('HAVE_GSS_OID_EQUAL', 1)
conf.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1)
conf.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1)
conf.define('HAVE_GSSKRB5_GET_SUBKEY', 1)
conf.define('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1)
conf.define('HAVE_GSS_IMPORT_CRED', 1)
conf.define('HAVE_GSS_EXPORT_CRED', 1)
conf.define('HAVE_GSSAPI', 1)
conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)
conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0)
conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0)
conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
conf.define('HAVE_KRB5_ADDRESSES', 1)
conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
conf.define('HAVE_KRB5_CRYPTO', 1)
conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
conf.define('HAVE_KRB5_C_VERIFY_CHECKSUM', 1)
conf.define('HAVE_KRB5_ENCTYPE_TO_STRING', 1)
conf.define('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1)
conf.define('HAVE_KRB5_FREE_ERROR_CONTENTS', 1)
conf.define('HAVE_KRB5_FREE_HOST_REALM', 1)
conf.define('HAVE_KRB5_FWD_TGT_CREDS', 1)
conf.define('HAVE_KRB5_GET_CREDS', 1)
conf.define('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1)
conf.define('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1)
conf.define('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1)
conf.define('HAVE_KRB5_GET_HOST_REALM', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK', 1)
conf.define('HAVE_KRB5_GET_PW_SALT', 1)
conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)
conf.define('HAVE_KRB5_KEYBLOCK_INIT', 1)
conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
conf.define('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1)
conf.define('HAVE_KRB5_KRBHST_INIT', 1)
conf.define('HAVE_KRB5_KT_COMPARE', 1)
conf.define('HAVE_KRB5_KT_FREE_ENTRY', 1)
conf.define('HAVE_KRB5_KU_OTHER_CKSUM', 1)
conf.define('HAVE_KRB5_LOCATE_PLUGIN_H', 1)
conf.define('HAVE_KRB5_MK_REQ_EXTENDED', 1)
conf.define('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1)
conf.define('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1)
conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
conf.define('HAVE_KRB5_MAKE_PRINCIPAL', 1)
conf.define('HAVE_KRB5_REALM_TYPE', 1)
conf.define('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1)
conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
conf.define('HAVE_KRB5_STRING_TO_KEY', 1)
conf.define('HAVE_KRB5_STRING_TO_KEY_SALT', 1)
conf.define('HAVE_FREE_CHECKSUM', 1)
conf.define('HAVE_LIBKRB5', 1)
conf.define('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1)
conf.define('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1)
conf.define('KRB5_PRINC_REALM_RETURNS_REALM', 1)
conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
conf.define('HAVE_KRB5_H', 1)
conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56', 1)
conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1)
conf.define('HAVE_KRB5_PDU_NONE_DECL', 1)
conf.define('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1)
conf.define('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1)
conf.define('HAVE_KRB5_PRINCIPAL_GET_NUM_COMP', 1)
conf.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1)
conf.define('HAVE_FLAGS_IN_KRB5_CREDS', 1)
heimdal_includedirs = []
heimdal_libdirs = []
krb5_config = conf.find_program("krb5-config.heimdal", var="HEIMDAL_KRB5_CONFIG")
if not krb5_config:
krb5_config = conf.find_program("krb5-config", var="HEIMDAL_KRB5_CONFIG")
if krb5_config:
# Not ideal, but seems like the best way to get at these paths:
f = open(krb5_config, 'r')
try:
for l in f:
if l.startswith("libdir="):
heimdal_libdirs.append(l.strip()[len("libdir="):])
elif l.startswith("includedir="):
heimdal_includedirs.append(l.strip()[len("includedir="):])
finally:
f.close()
if conf.CHECK_BUNDLED_SYSTEM('com_err', checkfunctions='com_right_r com_err', headers='com_err.h'):
conf.define('USING_SYSTEM_COM_ERR', 1)
def check_system_heimdal_lib(name, functions='', headers='', onlyif=None):
# Only use system library if the user requested the bundled one not be
# used.
if conf.LIB_MAY_BE_BUNDLED(name):
return False
setattr(conf.env, "CPPPATH_%s" % name.upper(), heimdal_includedirs)
setattr(conf.env, "LIBPATH_%s" % name.upper(), heimdal_libdirs)
conf.CHECK_BUNDLED_SYSTEM(name, checkfunctions=functions, headers=headers,
onlyif=onlyif)
conf.define('USING_SYSTEM_%s' % name.upper(), 1)
return True
def check_system_heimdal_binary(name):
if conf.LIB_MAY_BE_BUNDLED(name):
return False
if not conf.find_program(name, var=name.upper()):
return False
conf.define('USING_SYSTEM_%s' % name.upper(), 1)
return True
if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"):
conf.env.CPPPATH_ROKEN_HOSTCC = conf.env.CPPPATH_ROKEN
conf.env.LIBPATH_ROKEN_HOSTCC = conf.env.LIBPATH_ROKEN
conf.env.LIB_ROKEN_HOSTCC = "roken"
conf.SET_TARGET_TYPE("ROKEN_HOSTCC", 'SYSLIB')
# Make sure HAVE_CONFIG_H is unset, as the system Heimdal headers use it
# and include config.h if it is set, resulting in failure (since config.h
# doesn't yet exist)
CCDEFINES = list(conf.env.CCDEFINES)
conf.undefine("HAVE_CONFIG_H")
while "HAVE_CONFIG_H=1" in conf.env.CCDEFINES:
conf.env.CCDEFINES.remove("HAVE_CONFIG_H=1")
try:
check_system_heimdal_lib("wind", "wind_stringprep", "wind.h", onlyif="roken")
check_system_heimdal_lib("hx509", "hx509_bitstring_print", "hx509.h", onlyif="roken wind")
check_system_heimdal_lib("asn1", "initialize_asn1_error_table", "asn1_err.h", onlyif="roken com_err")
check_system_heimdal_lib("heimbase", "heim_cmp", "heimbase.h", onlyif="roken")
check_system_heimdal_lib("hcrypto", "MD4_Init", "hcrypto/md4.h",
onlyif="asn1 roken com_err")
if check_system_heimdal_lib("krb5", "krb5_anyaddr", "krb5.h",
onlyif="roken wind asn1 hx509 hcrypto com_err heimbase"):
conf.CHECK_FUNCS_IN('krb5_free_unparsed_name', 'krb5', headers="krb5.h")
check_system_heimdal_lib("gssapi", "gss_oid_to_name", "gssapi.h",
onlyif="hcrypto asn1 roken krb5 com_err wind")
check_system_heimdal_lib("heimntlm", "heim_ntlm_ntlmv2_key", "heimntlm.h",
onlyif="roken hcrypto krb5")
if check_system_heimdal_lib("hdb", "hdb_db_dir", "krb5.h hdb.h",
onlyif="roken krb5 hcrypto com_err wind"):
conf.CHECK_CODE('''
#include <hdb.h>
int main(void) { hdb_enctype2key(NULL, NULL, NULL, 0, NULL); }
''',
define='HDB_ENCTYPE2KEY_TAKES_KEYSET',
addmain=False,
lib='hdb',
msg='Checking whether hdb_enctype2key takes a keyset argument',
local_include=False)
check_system_heimdal_lib("kdc", "kdc_log", "kdc.h",
onlyif="roken krb5 hdb asn1 heimntlm hcrypto com_err wind heimbase")
finally:
conf.env.CCDEFINES = CCDEFINES
# With the proper checks in place we should be able to build against the system libtommath.
#if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'):
# conf.define('USING_SYSTEM_TOMMATH', 1)
check_system_heimdal_binary("compile_et")
check_system_heimdal_binary("asn1_compile")
|