2 # Waf build script for Samba 4's bundled Heimdal.
4 # Unless explicitly requested by the user (e.g.
5 # "./configure --bundled-libraries=!asn1_compile") this will always use the
6 # bundled Heimdal, even if a system heimdal was found. The reason
7 # for this is that our checks for the system heimdal are not accurate
8 # enough yet to know if it is usable (some bug fix might be missing,
9 # compile_et might not generate the expected code, etc).
13 conf
.CHECK_TYPE('u_char', 'uint8_t')
14 conf
.CHECK_TYPE('u_int32_t', 'uint32_t')
16 conf
.CHECK_HEADERS('err.h')
18 conf
.CHECK_HEADERS('ifaddrs.h')
19 conf
.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h
20 sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h
21 sys/utsname.h time.h timezone.h ttyname.h netinet/in.h
22 netinet/in6.h netinet6/in6.h''')
24 conf
.CHECK_HEADERS('curses.h term.h termcap.h', together
=True)
26 conf
.CHECK_FUNCS('''atexit cgetent getprogname setprogname gethostname
27 putenv rcmd readv sendmsg setitimer strlwr strncasecmp
28 strptime strsep strsep_copy strtok_r strupr swab umask uname unsetenv
29 closefrom err warn errx warnx flock writev''')
31 if conf
.CHECK_FUNCS('strerror_r'):
32 # Check if strerror_r is BSD compatible (default GNU implementation is not what Heimdal expects)
33 conf
.CHECK_CODE('int strerror_r(int errnum, char *buf, size_t buflen);',
34 'STRERROR_R_PROTO_COMPATIBLE',
35 headers
='string.h', addmain
=False, link
=False,
36 msg
="Checking for XSI (rather than GNU) prototype for strerror_r")
38 conf
.CHECK_FUNCS_IN('hstrerror', 'resolv socket nsl', checklibc
=True)
39 conf
.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent gethostent_r
40 sethostent endhostent getipnodebyaddr freehostent gethostbyname
41 gethostbyname_r gethostbyaddr''',
45 conf
.CHECK_FUNCS('iruserok')
47 conf
.CHECK_FUNCS('bswap16')
48 conf
.CHECK_FUNCS('bswap32')
50 conf
.CHECK_TYPE('struct winsize', define
='HAVE_STRUCT_WINSIZE', headers
='sys/termios.h sys/ioctl.h')
51 conf
.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_xpixel',
52 define
='HAVE_WS_XPIXEL', headers
='sys/termios.h sys/ioctl.h')
53 conf
.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_ypixel',
54 define
='HAVE_WS_YPIXEL', headers
='sys/termios.h sys/ioctl.h')
55 conf
.DEFINE('HAVE_KRB_STRUCT_WINSIZE', 1)
56 conf
.DEFINE('VOID_RETSIGTYPE', 1)
58 conf
.CHECK_VARIABLE('h_errno', headers
='netdb.h')
60 # strangely enough, we need it with another define too
61 conf
.CHECK_DECLS('h_errno', headers
='netdb.h')
63 conf
.CHECK_FUNCS_IN('res_search res_nsearch res_ndestroy dns_search dn_expand', 'resolv',
64 checklibc
=True, headers
='netinet/in.h arpa/nameser.h resolv.h dns.h')
65 conf
.CHECK_VARIABLE('_res', headers
='netinet/in.h arpa/nameser.h resolv.h')
66 conf
.CHECK_DECLS('_res', headers
='netinet/in.h arpa/nameser.h resolv.h')
67 conf
.CHECK_FUNCS_IN('openpty', 'util', checklibc
=True, headers
='pty.h util.h libutil.h')
69 conf
.DEFINE('HAVE_KRB5',1)
71 conf
.CHECK_FUNCS('dirfd', headers
='dirent.h')
72 conf
.CHECK_DECLS('dirfd', reverse
=True, headers
='dirent.h')
73 conf
.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define
='HAVE_DIR_DD_FD', headers
='dirent.h')
75 conf
.DEFINE('SAMBA4_USES_HEIMDAL', 1)
77 # setup the right defines for a in-tree heimdal build
78 Logs
.info("Using in-tree heimdal kerberos defines")
79 conf
.define('HAVE_GSSAPI_GSSAPI_H', 1)
80 conf
.define('HAVE_GSSAPI_GSSAPI_KRB5_H', 1)
81 conf
.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
82 conf
.define('HAVE_KRB5_ADDRESSES', 1)
83 conf
.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
84 conf
.define('HAVE_KRB5_SET_REAL_TIME', 1)
85 conf
.define('HAVE_COM_ERR_H', 1)
86 conf
.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
87 conf
.define('HAVE_GSS_DISPLAY_STATUS', 1)
88 conf
.define('HAVE_GSS_WRAP_IOV', 1)
89 conf
.define('HAVE_GSS_KRB5_IMPORT_CRED', 1)
90 conf
.define('HAVE_GSS_OID_EQUAL', 1)
91 conf
.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1)
92 conf
.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1)
93 conf
.define('HAVE_GSSKRB5_GET_SUBKEY', 1)
94 conf
.define('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1)
95 conf
.define('HAVE_GSS_IMPORT_CRED', 1)
96 conf
.define('HAVE_GSS_EXPORT_CRED', 1)
97 conf
.define('HAVE_GSSAPI', 1)
98 conf
.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
99 conf
.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)
100 conf
.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0)
101 conf
.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0)
102 conf
.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
103 conf
.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
104 conf
.define('HAVE_KRB5_ADDRESSES', 1)
105 conf
.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
106 conf
.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
107 conf
.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
108 conf
.define('HAVE_KRB5_CRYPTO', 1)
109 conf
.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
110 conf
.define('HAVE_KRB5_CRYPTO_INIT', 1)
111 conf
.define('HAVE_KRB5_C_VERIFY_CHECKSUM', 1)
112 conf
.define('HAVE_KRB5_ENCTYPE_TO_STRING', 1)
113 conf
.define('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1)
114 conf
.define('HAVE_KRB5_FREE_ERROR_CONTENTS', 1)
115 conf
.define('HAVE_KRB5_FREE_HOST_REALM', 1)
116 conf
.define('HAVE_KRB5_FWD_TGT_CREDS', 1)
117 conf
.define('HAVE_KRB5_GET_CREDS', 1)
118 conf
.define('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1)
119 conf
.define('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1)
120 conf
.define('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1)
121 conf
.define('HAVE_KRB5_GET_HOST_REALM', 1)
122 conf
.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
123 conf
.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
124 conf
.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
125 conf
.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
126 conf
.define('HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK', 1)
127 conf
.define('HAVE_KRB5_GET_PW_SALT', 1)
128 conf
.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
129 conf
.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)
130 conf
.define('HAVE_KRB5_KEYBLOCK_INIT', 1)
131 conf
.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
132 conf
.define('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1)
133 conf
.define('HAVE_KRB5_KRBHST_INIT', 1)
134 conf
.define('HAVE_KRB5_KT_COMPARE', 1)
135 conf
.define('HAVE_KRB5_KT_FREE_ENTRY', 1)
136 conf
.define('HAVE_KRB5_KU_OTHER_CKSUM', 1)
137 conf
.define('HAVE_KRB5_LOCATE_PLUGIN_H', 1)
138 conf
.define('HAVE_KRB5_MK_REQ_EXTENDED', 1)
139 conf
.define('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1)
140 conf
.define('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1)
141 conf
.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
142 conf
.define('HAVE_KRB5_MAKE_PRINCIPAL', 1)
143 conf
.define('HAVE_KRB5_REALM_TYPE', 1)
144 conf
.define('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1)
145 conf
.define('HAVE_KRB5_SET_REAL_TIME', 1)
146 conf
.define('HAVE_KRB5_STRING_TO_KEY', 1)
147 conf
.define('HAVE_KRB5_STRING_TO_KEY_SALT', 1)
148 conf
.define('HAVE_FREE_CHECKSUM', 1)
149 conf
.define('HAVE_LIBKRB5', 1)
150 conf
.define('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1)
151 conf
.define('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1)
152 conf
.define('KRB5_PRINC_REALM_RETURNS_REALM', 1)
153 conf
.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
154 conf
.define('HAVE_KRB5_H', 1)
155 conf
.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
156 conf
.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
157 conf
.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56', 1)
158 conf
.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1)
159 conf
.define('HAVE_KRB5_PDU_NONE_DECL', 1)
160 conf
.define('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1)
161 conf
.define('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1)
162 conf
.define('HAVE_KRB5_PRINCIPAL_GET_NUM_COMP', 1)
163 conf
.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1)
164 conf
.define('HAVE_FLAGS_IN_KRB5_CREDS', 1)
166 heimdal_includedirs
= []
168 krb5_config
= conf
.find_program("krb5-config.heimdal", var
="HEIMDAL_KRB5_CONFIG")
170 krb5_config
= conf
.find_program("krb5-config", var
="HEIMDAL_KRB5_CONFIG")
172 # Not ideal, but seems like the best way to get at these paths:
173 f
= open(krb5_config
, 'r')
176 if l
.startswith("libdir="):
177 heimdal_libdirs
.append(l
.strip()[len("libdir="):])
178 elif l
.startswith("includedir="):
179 heimdal_includedirs
.append(l
.strip()[len("includedir="):])
183 if conf
.CHECK_BUNDLED_SYSTEM('com_err', checkfunctions
='com_right_r com_err', headers
='com_err.h'):
184 conf
.define('USING_SYSTEM_COM_ERR', 1)
186 def check_system_heimdal_lib(name
, functions
='', headers
='', onlyif
=None):
187 # Only use system library if the user requested the bundled one not be
189 if conf
.LIB_MAY_BE_BUNDLED(name
):
191 setattr(conf
.env
, "CPPPATH_%s" % name
.upper(), heimdal_includedirs
)
192 setattr(conf
.env
, "LIBPATH_%s" % name
.upper(), heimdal_libdirs
)
193 conf
.CHECK_BUNDLED_SYSTEM(name
, checkfunctions
=functions
, headers
=headers
,
195 conf
.define('USING_SYSTEM_%s' % name
.upper(), 1)
198 def check_system_heimdal_binary(name
):
199 if conf
.LIB_MAY_BE_BUNDLED(name
):
201 if not conf
.find_program(name
, var
=name
.upper()):
203 conf
.define('USING_SYSTEM_%s' % name
.upper(), 1)
206 if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"):
207 conf
.env
.CPPPATH_ROKEN_HOSTCC
= conf
.env
.CPPPATH_ROKEN
208 conf
.env
.LIBPATH_ROKEN_HOSTCC
= conf
.env
.LIBPATH_ROKEN
209 conf
.env
.LIB_ROKEN_HOSTCC
= "roken"
210 conf
.SET_TARGET_TYPE("ROKEN_HOSTCC", 'SYSLIB')
212 # Make sure HAVE_CONFIG_H is unset, as the system Heimdal headers use it
213 # and include config.h if it is set, resulting in failure (since config.h
216 CCDEFINES
= list(conf
.env
.CCDEFINES
)
217 conf
.undefine("HAVE_CONFIG_H")
218 while "HAVE_CONFIG_H=1" in conf
.env
.CCDEFINES
:
219 conf
.env
.CCDEFINES
.remove("HAVE_CONFIG_H=1")
221 check_system_heimdal_lib("wind", "wind_stringprep", "wind.h", onlyif
="roken")
222 check_system_heimdal_lib("hx509", "hx509_bitstring_print", "hx509.h", onlyif
="roken wind")
223 check_system_heimdal_lib("asn1", "initialize_asn1_error_table", "asn1_err.h", onlyif
="roken com_err")
224 check_system_heimdal_lib("heimbase", "heim_cmp", "heimbase.h", onlyif
="roken")
225 check_system_heimdal_lib("hcrypto", "MD4_Init", "hcrypto/md4.h",
226 onlyif
="asn1 roken com_err")
227 if check_system_heimdal_lib("krb5", "krb5_anyaddr", "krb5.h",
228 onlyif
="roken wind asn1 hx509 hcrypto com_err heimbase"):
229 conf
.CHECK_FUNCS_IN('krb5_free_unparsed_name', 'krb5', headers
="krb5.h")
230 check_system_heimdal_lib("gssapi", "gss_oid_to_name", "gssapi.h",
231 onlyif
="hcrypto asn1 roken krb5 com_err wind")
232 check_system_heimdal_lib("heimntlm", "heim_ntlm_ntlmv2_key", "heimntlm.h",
233 onlyif
="roken hcrypto krb5")
234 if check_system_heimdal_lib("hdb", "hdb_db_dir", "krb5.h hdb.h",
235 onlyif
="roken krb5 hcrypto com_err wind"):
238 int main(void) { hdb_enctype2key(NULL, NULL, NULL, 0, NULL); }
240 define
='HDB_ENCTYPE2KEY_TAKES_KEYSET',
243 msg
='Checking whether hdb_enctype2key takes a keyset argument',
246 check_system_heimdal_lib("kdc", "kdc_log", "kdc.h",
247 onlyif
="roken krb5 hdb asn1 heimntlm hcrypto com_err wind heimbase")
249 conf
.env
.CCDEFINES
= CCDEFINES
251 # With the proper checks in place we should be able to build against the system libtommath.
252 #if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'):
253 # conf.define('USING_SYSTEM_TOMMATH', 1)
255 check_system_heimdal_binary("compile_et")
256 check_system_heimdal_binary("asn1_compile")