From 594e3161810ba5a57ce5a3c88a8cd89b11d04650 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 24 Apr 2012 19:37:13 +0300 Subject: [PATCH] lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into lib/replace/system/gssapi.h With waf build include directories are defined by dependencies specified to subsystems. Without proper dependency cannot be found for embedded Heimdal builds when there are no system-wide gssapi/gssapi.h available. Split out GSSAPI header includes in a separate replacement header and use that explicitly where needed. Autobuild-User: Alexander Bokovoy Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104 --- auth/credentials/credentials_krb5.c | 1 + auth/kerberos/gssapi_pac.c | 1 - auth/kerberos/pac_utils.h | 2 ++ buildtools/wafsamba/samba3.py | 4 +++- lib/addns/dns.h | 1 + lib/krb5_wrap/krb5_samba.c | 1 + lib/replace/system/{kerberos.h => gssapi.h} | 28 +++++++++++++--------------- lib/replace/system/kerberos.h | 18 ++---------------- libcli/smb/wscript_build | 2 +- source3/configure.in | 2 ++ source3/libads/ads_status.c | 1 + source3/libads/sasl.c | 1 + source3/wscript_build | 4 ++-- source4/auth/gensec/gensec_gssapi.c | 4 +--- source4/auth/kerberos/krb5_init_context.c | 1 + source4/auth/kerberos/wscript_build | 2 +- source4/heimdal_build/wscript_configure | 1 + source4/ntvfs/ipc/vfs_ipc.c | 2 +- 18 files changed, 35 insertions(+), 41 deletions(-) copy lib/replace/system/{kerberos.h => gssapi.h} (84%) diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 480d7c5951c..86b33d49983 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -23,6 +23,7 @@ #include "includes.h" #include "system/kerberos.h" +#include "system/gssapi.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_proto.h" diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index d1a79501cce..dadae1afa26 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -21,7 +21,6 @@ #include "includes.h" #ifdef HAVE_KRB5 -#include "lib/krb5_wrap/krb5_samba.h" #include "auth/kerberos/pac_utils.h" #if 0 diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h index bb954597f51..7726f527754 100644 --- a/auth/kerberos/pac_utils.h +++ b/auth/kerberos/pac_utils.h @@ -22,6 +22,8 @@ #define _PAC_UTILS_H #include "lib/krb5_wrap/krb5_samba.h" +#include "system/gssapi.h" + struct PAC_SIGNATURE_DATA; struct PAC_DATA; diff --git a/buildtools/wafsamba/samba3.py b/buildtools/wafsamba/samba3.py index 369285c395a..7f05ffe40d3 100644 --- a/buildtools/wafsamba/samba3.py +++ b/buildtools/wafsamba/samba3.py @@ -56,8 +56,10 @@ def s3_fix_kwargs(bld, kwargs): # local heimdal paths only included when USING_SYSTEM_KRB5 is not set if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): extra_includes += [ '../source4/heimdal/lib/com_err', + '../source4/heimdal/lib/krb5', '../source4/heimdal/lib/gssapi', - '../source4/heimdal_build' ] + '../source4/heimdal_build', + '../bin/default/source4/heimdal/lib/asn1' ] if bld.CONFIG_SET('BUILD_TDB2'): if bld.CONFIG_SET('USING_SYSTEM_TDB2'): diff --git a/lib/addns/dns.h b/lib/addns/dns.h index d0999918c14..88ba9d1fc0b 100644 --- a/lib/addns/dns.h +++ b/lib/addns/dns.h @@ -28,6 +28,7 @@ #include "../replace/replace.h" #include "system/network.h" #include "system/kerberos.h" +#include "system/gssapi.h" /* make sure we have included the correct config.h */ #ifndef NO_CONFIG_H /* for some tests */ diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 4e555b28533..10207b58bc4 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -39,6 +39,7 @@ #define GSSAPI_BNDLENGTH 16 /* Bind Length (rfc-1964 pg.3) */ #define GSSAPI_CHECKSUM_SIZE (4+GSSAPI_BNDLENGTH+4) /* Length of bind length, bind field, flags field. */ +#define GSS_C_DELEG_FLAG 1 /* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype, but still has the symbol */ diff --git a/lib/replace/system/kerberos.h b/lib/replace/system/gssapi.h similarity index 84% copy from lib/replace/system/kerberos.h copy to lib/replace/system/gssapi.h index 7762d4be469..c22663c1d04 100644 --- a/lib/replace/system/kerberos.h +++ b/lib/replace/system/gssapi.h @@ -1,17 +1,17 @@ -#ifndef _system_kerberos_h -#define _system_kerberos_h +#ifndef _system_gssapi_h +#define _system_gssapi_h -/* +/* Unix SMB/CIFS implementation. - kerberos system include wrappers + GSSAPI system include wrappers Copyright (C) Andrew Tridgell 2004 - + ** NOTE! The following LGPL license applies to the replace ** library. This does NOT imply that all of Samba is released ** under the LGPL - + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either @@ -27,15 +27,7 @@ */ -#ifdef HAVE_KRB5 - -#if HAVE_KRB5_H -#include -#endif - -#if HAVE_COM_ERR_H -#include -#endif +#ifdef HAVE_LIBGSSAPI #ifdef HAVE_GSSAPI_GSSAPI_EXT_H #include @@ -51,5 +43,11 @@ #include #endif +#if HAVE_GSSAPI_GSSAPI_SPNEGO_H +#include +#elif HAVE_GSSAPI_SPNEGO_H +#include +#endif + #endif #endif diff --git a/lib/replace/system/kerberos.h b/lib/replace/system/kerberos.h index 7762d4be469..636ce0f2e0b 100644 --- a/lib/replace/system/kerberos.h +++ b/lib/replace/system/kerberos.h @@ -7,11 +7,11 @@ kerberos system include wrappers Copyright (C) Andrew Tridgell 2004 - + ** NOTE! The following LGPL license applies to the replace ** library. This does NOT imply that all of Samba is released ** under the LGPL - + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either @@ -37,19 +37,5 @@ #include #endif -#ifdef HAVE_GSSAPI_GSSAPI_EXT_H -#include -#elif HAVE_GSSAPI_GSSAPI_H -#include -#elif HAVE_GSSAPI_GSSAPI_GENERIC_H -#include -#elif HAVE_GSSAPI_H -#include -#endif - -#if HAVE_GSSAPI_GSSAPI_KRB5_H -#include -#endif - #endif #endif diff --git a/libcli/smb/wscript_build b/libcli/smb/wscript_build index 6feed445df5..4e860290e5a 100755 --- a/libcli/smb/wscript_build +++ b/libcli/smb/wscript_build @@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('cli_smb_common', smbXcli_base.c smb1cli_trans.c ''', - deps='LIBCRYPTO errors gssapi gensec krb5samba LIBASYNC_REQ', + deps='LIBCRYPTO errors gensec krb5samba LIBASYNC_REQ', public_deps='talloc samba-util', private_library=True, public_headers=''' diff --git a/source3/configure.in b/source3/configure.in index 70bdfc7b630..0253e076dce 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3568,6 +3568,8 @@ if test x"$with_ads_support" != x"no"; then if test x"$have_gssapi" != xyes ; then AC_MSG_WARN([Samba cannot be supported without GSSAPI]) use_ads=no + else + AC_DEFINE(HAVE_LIBGSSAPI, , [Whether the platform has GSSAPI support]) fi AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS) diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c index 919e5d34dcd..fc489a9f005 100644 --- a/source3/libads/ads_status.c +++ b/source3/libads/ads_status.c @@ -22,6 +22,7 @@ #include "includes.h" #include "smb_krb5.h" +#include "system/gssapi.h" #include "smb_ldap.h" #include "libads/ads_status.h" diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 02fd7545e5e..42d65b63d47 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -23,6 +23,7 @@ #include "auth_generic.h" #include "ads.h" #include "smb_krb5.h" +#include "system/gssapi.h" #ifdef HAVE_LDAP diff --git a/source3/wscript_build b/source3/wscript_build index ddd33467cc1..b9bb6ad5243 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -782,7 +782,7 @@ bld.SAMBA3_LIBRARY('util_cmdline', bld.SAMBA3_SUBSYSTEM('KRBCLIENT', source=KRBCLIENT_SRC, - public_deps='krb5samba k5crypto LIBTSOCKET CLDAP LIBNMB', + public_deps='krb5samba k5crypto gssapi LIBTSOCKET CLDAP LIBNMB', vars=locals()) bld.SAMBA3_SUBSYSTEM('samba3util', @@ -875,7 +875,7 @@ bld.SAMBA3_LIBRARY('ads', bld.SAMBA3_SUBSYSTEM('LIBADS_SERVER', source=LIBADS_SERVER_SRC, - deps='SERVER_MUTEX ndr-krb5pac krb5samba', + deps='SERVER_MUTEX ndr-krb5pac krb5samba gssapi', vars=locals()) bld.SAMBA3_SUBSYSTEM('LIBADS_PRINTER', diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index efd84437608..31964731d5a 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -24,6 +24,7 @@ #include "includes.h" #include "lib/events/events.h" #include "system/kerberos.h" +#include "system/gssapi.h" #include "auth/kerberos/kerberos.h" #include "librpc/gen_ndr/krb5pac.h" #include "auth/auth.h" @@ -37,9 +38,6 @@ #include "auth/gensec/gensec_toplevel_proto.h" #include "param/param.h" #include "auth/session_proto.h" -#include -#include -#include #include "gensec_gssapi.h" #include "lib/util/util_net.h" #include "auth/kerberos/pac_utils.h" diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 4125f395486..e90f8a6e198 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -22,6 +22,7 @@ #include "includes.h" #include "system/kerberos.h" +#include "system/gssapi.h" #include #include "auth/kerberos/kerberos.h" #include "lib/socket/socket.h" diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build index 2ba6d564107..1a9b544465c 100755 --- a/source4/auth/kerberos/wscript_build +++ b/source4/auth/kerberos/wscript_build @@ -2,7 +2,7 @@ bld.SAMBA_SUBSYSTEM('KRB_INIT_CTX', source='krb5_init_context.c', - deps='krb5samba' + deps='gssapi krb5samba' ) bld.SAMBA_LIBRARY('authkrb5', diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index e64128f44ab..1c03b341069 100644 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -147,6 +147,7 @@ conf.define('HAVE_KRB5_PDU_NONE_DECL', 1) conf.define('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1) conf.define('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1) conf.define('HAVE_KRB5_KRB5_PRINCIPAL_GET_NUM_COMP', 1) +conf.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1) heimdal_includedirs = [] heimdal_libdirs = [] diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c index 8097a67ab9e..a1651b0f02d 100644 --- a/source4/ntvfs/ipc/vfs_ipc.c +++ b/source4/ntvfs/ipc/vfs_ipc.c @@ -38,7 +38,7 @@ #include "lib/socket/socket.h" #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" -#include +#include "system/gssapi.h" #include "system/locale.h" /* this is the private structure used to keep the state of an open -- 2.11.4.GIT