From 672df66296f540b606aa43effab5f021b8978e4b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 22 Oct 2001 05:04:33 +0000 Subject: [PATCH] - fixed link order of krb5 libs - accept a wide range of principal names in session setup --- source/configure | 244 +++++++++++++++++-------------------- source/configure.in | 4 +- source/include/config.h.in | 6 - source/smbd/negprot.c | 1 + source/smbd/sesssetup.c | 24 +--- 5 files changed, 121 insertions(+), 158 deletions(-) diff --git a/source/configure b/source/configure index ba6ae68f80c..358b9c7ca2b 100755 --- a/source/configure +++ b/source/configure @@ -11213,10 +11213,6 @@ EOF LDFLAGS="$LDFLAGS -L$withval/lib" cat >> confdefs.h <<\EOF #define HAVE_KRB5 1 -EOF - - cat >> confdefs.h <&6 -echo "configure:11237: checking for krb5_mk_req_extended in -lkrb5" >&5 +echo "configure:11233: checking for krb5_mk_req_extended in -lkrb5" >&5 ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11241,7 +11237,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lkrb5 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11252: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11280,55 +11276,8 @@ fi ################################################################## # we might need the k5crypto and com_err libraries on some systems -echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6 -echo "configure:11285: checking for krb5_encrypt_data in -lk5crypto" >&5 -ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lk5crypto $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_lib=HAVE_LIB`echo k5crypto | sed -e 's/[^a-zA-Z0-9_]/_/g' \ - -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` - cat >> confdefs.h <&6 -fi - echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6 -echo "configure:11332: checking for _et_list in -lcom_err" >&5 +echo "configure:11281: checking for _et_list in -lcom_err" >&5 ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11336,7 +11285,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcom_err $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11300: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11362,14 +11311,47 @@ LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 - ac_tr_lib=HAVE_LIB`echo com_err | sed -e 's/[^a-zA-Z0-9_]/_/g' \ - -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` - cat >> confdefs.h <&6 +fi + +echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6 +echo "configure:11321: checking for krb5_encrypt_data in -lk5crypto" >&5 +ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lk5crypto $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" - LIBS="-lcom_err $LIBS" - +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lk5crypto" else echo "$ac_t""no" 1>&6 fi @@ -11378,7 +11360,7 @@ fi ################################################# # check for automount support echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6 -echo "configure:11382: checking whether to use AUTOMOUNT" >&5 +echo "configure:11364: checking whether to use AUTOMOUNT" >&5 # Check whether --with-automount or --without-automount was given. if test "${with_automount+set}" = set; then withval="$with_automount" @@ -11403,7 +11385,7 @@ fi ################################################# # check for smbmount support echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6 -echo "configure:11407: checking whether to use SMBMOUNT" >&5 +echo "configure:11389: checking whether to use SMBMOUNT" >&5 # Check whether --with-smbmount or --without-smbmount was given. if test "${with_smbmount+set}" = set; then withval="$with_smbmount" @@ -11440,7 +11422,7 @@ fi # check for a PAM password database with_pam_for_crypt=no echo $ac_n "checking whether to use PAM password database""... $ac_c" 1>&6 -echo "configure:11444: checking whether to use PAM password database" >&5 +echo "configure:11426: checking whether to use PAM password database" >&5 # Check whether --with-pam or --without-pam was given. if test "${with_pam+set}" = set; then withval="$with_pam" @@ -11466,7 +11448,7 @@ fi # we can't build a pam module if we don't have pam. echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6 -echo "configure:11470: checking for pam_get_data in -lpam" >&5 +echo "configure:11452: checking for pam_get_data in -lpam" >&5 ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11474,7 +11456,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpam $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11512,7 +11494,7 @@ fi ################################################# # check for pam_smbpass support echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6 -echo "configure:11516: checking whether to use pam_smbpass" >&5 +echo "configure:11498: checking whether to use pam_smbpass" >&5 # Check whether --with-pam_smbpass or --without-pam_smbpass was given. if test "${with_pam_smbpass+set}" = set; then withval="$with_pam_smbpass" @@ -11550,12 +11532,12 @@ if test $with_pam_for_crypt = no; then for ac_func in crypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:11554: checking for $ac_func" >&5 +echo "configure:11536: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11564: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -11604,7 +11586,7 @@ done if test x"$ac_cv_func_crypt" = x"no"; then echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:11608: checking for crypt in -lcrypt" >&5 +echo "configure:11590: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -11612,7 +11594,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11609: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11658,7 +11640,7 @@ fi ## if test $with_pam_for_crypt = no; then echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6 -echo "configure:11662: checking for a crypt that needs truncated salt" >&5 +echo "configure:11644: checking for a crypt that needs truncated salt" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11667,11 +11649,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_TRUNCATED_SALT=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11657: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_TRUNCATED_SALT=no else @@ -11709,7 +11691,7 @@ with_smbpasswd_sam=yes ################################################# # check for a TDB password database echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6 -echo "configure:11713: checking whether to use TDB SAM database" >&5 +echo "configure:11695: checking whether to use TDB SAM database" >&5 # Check whether --with-tdbsam or --without-tdbsam was given. if test "${with_tdbsam+set}" = set; then withval="$with_tdbsam" @@ -11735,7 +11717,7 @@ fi ################################################# # check for a LDAP password database echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6 -echo "configure:11739: checking whether to use LDAP SAM database" >&5 +echo "configure:11721: checking whether to use LDAP SAM database" >&5 # Check whether --with-ldapsam or --without-ldapsam was given. if test "${with_ldapsam+set}" = set; then withval="$with_ldapsam" @@ -11762,7 +11744,7 @@ fi ################################################# # check for a NISPLUS password database echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6 -echo "configure:11766: checking whether to use NISPLUS SAM database" >&5 +echo "configure:11748: checking whether to use NISPLUS SAM database" >&5 # Check whether --with-nisplussam or --without-nisplussam was given. if test "${with_nisplussam+set}" = set; then withval="$with_nisplussam" @@ -11790,7 +11772,7 @@ fi # smbpasswd SAM is only used if another format # has not been defined echo $ac_n "checking whether to use traditional smbpasswd file""... $ac_c" 1>&6 -echo "configure:11794: checking whether to use traditional smbpasswd file" >&5 +echo "configure:11776: checking whether to use traditional smbpasswd file" >&5 if test $with_smbpasswd_sam = yes; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -11810,7 +11792,7 @@ fi ################################################# # check for a NISPLUS_HOME support echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6 -echo "configure:11814: checking whether to use NISPLUS_HOME" >&5 +echo "configure:11796: checking whether to use NISPLUS_HOME" >&5 # Check whether --with-nisplus-home or --without-nisplus-home was given. if test "${with_nisplus_home+set}" = set; then withval="$with_nisplus_home" @@ -11835,7 +11817,7 @@ fi ################################################# # check for the secure socket layer echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 -echo "configure:11839: checking whether to use SSL" >&5 +echo "configure:11821: checking whether to use SSL" >&5 # Check whether --with-ssl or --without-ssl was given. if test "${with_ssl+set}" = set; then withval="$with_ssl" @@ -11909,7 +11891,7 @@ fi ################################################# # check for syslog logging echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 -echo "configure:11913: checking whether to use syslog logging" >&5 +echo "configure:11895: checking whether to use syslog logging" >&5 # Check whether --with-syslog or --without-syslog was given. if test "${with_syslog+set}" = set; then withval="$with_syslog" @@ -11934,7 +11916,7 @@ fi ################################################# # check for a shared memory profiling support echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6 -echo "configure:11938: checking whether to use profiling" >&5 +echo "configure:11920: checking whether to use profiling" >&5 # Check whether --with-profiling-data or --without-profiling-data was given. if test "${with_profiling_data+set}" = set; then withval="$with_profiling_data" @@ -11962,7 +11944,7 @@ fi QUOTAOBJS=smbd/noquotas.o echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6 -echo "configure:11966: checking whether to support disk-quotas" >&5 +echo "configure:11948: checking whether to support disk-quotas" >&5 # Check whether --with-quotas or --without-quotas was given. if test "${with_quotas+set}" = set; then withval="$with_quotas" @@ -11973,13 +11955,13 @@ if test "${with_quotas+set}" = set; then *linux*) # Check for kernel 2.4.x quota braindamage... echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6 -echo "configure:11977: checking for linux 2.4.x quota braindamage.." >&5 +echo "configure:11959: checking for linux 2.4.x quota braindamage.." >&5 if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -11991,7 +11973,7 @@ int main() { struct mem_dqblk D; ; return 0; } EOF -if { (eval echo configure:11995: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:11977: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_linux_2_4_quota_braindamage=yes else @@ -12040,7 +12022,7 @@ fi # check for experimental utmp accounting echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6 -echo "configure:12044: checking whether to support utmp accounting" >&5 +echo "configure:12026: checking whether to support utmp accounting" >&5 # Check whether --with-utmp or --without-utmp was given. if test "${with_utmp+set}" = set; then withval="$with_utmp" @@ -12140,7 +12122,7 @@ fi ################################################# # choose native language(s) of man pages echo $ac_n "checking chosen man pages' language(s)""... $ac_c" 1>&6 -echo "configure:12144: checking chosen man pages' language(s)" >&5 +echo "configure:12126: checking chosen man pages' language(s)" >&5 # Check whether --with-manpages-langs or --without-manpages-langs was given. if test "${with_manpages_langs+set}" = set; then withval="$with_manpages_langs" @@ -12168,14 +12150,14 @@ fi ################################################# # these tests are taken from the GNU fileutils package echo "checking how to get filesystem space usage" 1>&6 -echo "configure:12172: checking how to get filesystem space usage" >&5 +echo "configure:12154: checking how to get filesystem space usage" >&5 space=no # Test for statvfs64. if test $space = no; then # SVR4 echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6 -echo "configure:12179: checking statvfs64 function (SVR4)" >&5 +echo "configure:12161: checking statvfs64 function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12183,7 +12165,7 @@ else fu_cv_sys_stat_statvfs64=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12183: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statvfs64=yes else @@ -12230,12 +12212,12 @@ fi if test $space = no; then # SVR4 echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 -echo "configure:12234: checking statvfs function (SVR4)" >&5 +echo "configure:12216: checking statvfs function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12243,7 +12225,7 @@ int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } EOF -if { (eval echo configure:12247: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* fu_cv_sys_stat_statvfs=yes else @@ -12268,7 +12250,7 @@ fi if test $space = no; then # DEC Alpha running OSF/1 echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 -echo "configure:12272: checking for 3-argument statfs function (DEC OSF/1)" >&5 +echo "configure:12254: checking for 3-argument statfs function (DEC OSF/1)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12276,7 +12258,7 @@ else fu_cv_sys_stat_statfs3_osf1=no else cat > conftest.$ac_ext < @@ -12289,7 +12271,7 @@ else exit (statfs (".", &fsd, sizeof (struct statfs))); } EOF -if { (eval echo configure:12293: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12275: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs3_osf1=yes else @@ -12316,7 +12298,7 @@ fi if test $space = no; then # AIX echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 -echo "configure:12320: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 +echo "configure:12302: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12324,7 +12306,7 @@ else fu_cv_sys_stat_statfs2_bsize=no else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12329: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_bsize=yes else @@ -12370,7 +12352,7 @@ fi if test $space = no; then # SVR3 echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 -echo "configure:12374: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 +echo "configure:12356: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12378,7 +12360,7 @@ else fu_cv_sys_stat_statfs4=no else cat > conftest.$ac_ext < #include @@ -12388,7 +12370,7 @@ else exit (statfs (".", &fsd, sizeof fsd, 0)); } EOF -if { (eval echo configure:12392: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs4=yes else @@ -12415,7 +12397,7 @@ fi if test $space = no; then # 4.4BSD and NetBSD echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 -echo "configure:12419: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 +echo "configure:12401: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12423,7 +12405,7 @@ else fu_cv_sys_stat_statfs2_fsize=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -12439,7 +12421,7 @@ else exit (statfs (".", &fsd)); } EOF -if { (eval echo configure:12443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12425: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_fsize=yes else @@ -12466,7 +12448,7 @@ fi if test $space = no; then # Ultrix echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 -echo "configure:12470: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 +echo "configure:12452: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12474,7 +12456,7 @@ else fu_cv_sys_stat_fs_data=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -12494,7 +12476,7 @@ else exit (statfs (".", &fsd) != 1); } EOF -if { (eval echo configure:12498: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_fs_data=yes else @@ -12527,9 +12509,9 @@ fi # file support. # echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6 -echo "configure:12531: checking if large file support can be enabled" >&5 +echo "configure:12513: checking if large file support can be enabled" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:12528: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes else @@ -12607,7 +12589,7 @@ fi # check for ACL support echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6 -echo "configure:12611: checking whether to support ACLs" >&5 +echo "configure:12593: checking whether to support ACLs" >&5 # Check whether --with-acl-support or --without-acl-support was given. if test "${with_acl_support+set}" = set; then withval="$with_acl_support" @@ -12653,7 +12635,7 @@ EOF ;; *) echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6 -echo "configure:12657: checking for acl_get_file in -lacl" >&5 +echo "configure:12639: checking for acl_get_file in -lacl" >&5 ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12661,7 +12643,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lacl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12658: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12700,13 +12682,13 @@ else fi echo $ac_n "checking for ACL support""... $ac_c" 1>&6 -echo "configure:12704: checking for ACL support" >&5 +echo "configure:12686: checking for ACL support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12714,7 +12696,7 @@ int main() { acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p); ; return 0; } EOF -if { (eval echo configure:12718: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_POSIX_ACLS=yes else @@ -12734,13 +12716,13 @@ echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6 EOF echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6 -echo "configure:12738: checking for acl_get_perm_np" >&5 +echo "configure:12720: checking for acl_get_perm_np" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12748,7 +12730,7 @@ int main() { acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm); ; return 0; } EOF -if { (eval echo configure:12752: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_ACL_GET_PERM_NP=yes else @@ -12795,7 +12777,7 @@ fi # (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS). echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6 -echo "configure:12799: checking whether to build winbind" >&5 +echo "configure:12781: checking whether to build winbind" >&5 # Initially, the value of $host_os decides whether winbind is supported @@ -12874,11 +12856,11 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12864: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then echo "configure OK"; else diff --git a/source/configure.in b/source/configure.in index 77bcabc7162..621c43be12c 100644 --- a/source/configure.in +++ b/source/configure.in @@ -1631,8 +1631,8 @@ fi ################################################################## # we might need the k5crypto and com_err libraries on some systems -AC_CHECK_LIB(k5crypto, krb5_encrypt_data) -AC_CHECK_LIB(com_err, _et_list) +AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"]) +AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"]) ################################################# # check for automount support diff --git a/source/include/config.h.in b/source/include/config.h.in index 7a93b52f82f..401ba5bef94 100644 --- a/source/include/config.h.in +++ b/source/include/config.h.in @@ -1019,9 +1019,6 @@ /* Define if you have the acl library (-lacl). */ #undef HAVE_LIBACL -/* Define if you have the com_err library (-lcom_err). */ -#undef HAVE_LIBCOM_ERR - /* Define if you have the cups library (-lcups). */ #undef HAVE_LIBCUPS @@ -1034,9 +1031,6 @@ /* Define if you have the inet library (-linet). */ #undef HAVE_LIBINET -/* Define if you have the k5crypto library (-lk5crypto). */ -#undef HAVE_LIBK5CRYPTO - /* Define if you have the nsl library (-lnsl). */ #undef HAVE_LIBNSL diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c index ecc6e7ee514..097cb79e67a 100644 --- a/source/smbd/negprot.c +++ b/source/smbd/negprot.c @@ -165,6 +165,7 @@ static int negprot_spnego(char *p, uint8 cryptkey[8]) uint8 guid[16]; const char *OIDs[] = {OID_NTLMSSP, OID_KERBEROS5, + OID_KERBEROS5_OLD, NULL}; char *principal; int len; diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c index 003cb0dc3d8..fc6c694d9f1 100644 --- a/source/smbd/sesssetup.c +++ b/source/smbd/sesssetup.c @@ -33,16 +33,12 @@ static int reply_spnego_kerberos(connection_struct *conn, { DATA_BLOB ticket; krb5_context context; - krb5_principal server; krb5_auth_context auth_context = NULL; krb5_keytab keytab = NULL; krb5_data packet; krb5_ticket *tkt = NULL; int ret; char *realm, *client, *p; - fstring hostname; - char *principal; - extern pstring global_myname; const struct passwd *pw; char *user; gid_t gid; @@ -56,30 +52,21 @@ static int reply_spnego_kerberos(connection_struct *conn, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - fstrcpy(hostname, global_myname); - strlower(hostname); - asprintf(&principal, "HOST/%s@%s", hostname, realm); - ret = krb5_init_context(&context); if (ret) { DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret))); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - ret = krb5_parse_name(context, principal, &server); - if (ret) { - DEBUG(1,("krb5_parse_name(%s) failed (%s)\n", - principal, error_message(ret))); - return ERROR_NT(NT_STATUS_LOGON_FAILURE); - } - - free(principal); - packet.length = ticket.length; packet.data = (krb5_pointer)ticket.data; +#if 0 + file_save("/tmp/ticket.dat", ticket.data, ticket.length); +#endif + if ((ret = krb5_rd_req(context, &auth_context, &packet, - server, keytab, NULL, &tkt))) { + NULL, keytab, NULL, &tkt))) { DEBUG(3,("krb5_rd_req failed (%s)\n", error_message(ret))); return ERROR_NT(NT_STATUS_LOGON_FAILURE); @@ -444,7 +431,6 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,cha blob1 = data_blob(p, SVAL(inbuf, smb_vwv7)); #if 0 - chdir("/home/tridge"); file_save("negotiate.dat", blob1.data, blob1.length); #endif