From 7d3416e8cb686453ecbedbc085073af95835001e Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Wed, 2 Nov 2022 14:56:34 +1300 Subject: [PATCH] krb5: Detect support for krb5_const_pac type We can't unconditionally assume (as we did in third_party/heimdal_build/wscript_configure) that Heimdal has this type, since we may have an older system Heimdal that lacks it. We must also check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and declare krb5_const_pac as a non-const typedef if not. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- lib/krb5_wrap/krb5_samba.h | 13 ++++++++++++- lib/krb5_wrap/wscript_configure | 18 ++++++++++++++++++ third_party/heimdal_build/wscript_configure | 3 ++- wscript | 1 + 4 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 lib/krb5_wrap/wscript_configure diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 93a010323bf..79178ac8008 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -135,7 +135,18 @@ typedef struct { #endif /* HAVE_E_DATA_POINTER_IN_KRB5_ERROR */ #ifndef HAVE_KRB5_CONST_PAC -typedef krb5_pac krb5_const_pac; +#ifdef KRB5_CONST_PAC_GET_BUFFER +typedef const struct krb5_pac_data *krb5_const_pac; +#else +/* + * Certain Heimdal versions include a version of krb5_pac_get_buffer() that is + * unusable in certain cases, taking a krb5_pac when a krb5_const_pac may be all + * that we can supply. Furthermore, MIT Kerberos doesn't declare krb5_const_pac + * at all. In such cases, we must declare krb5_const_pac as a non-const typedef + * so that the build can succeed. + */ +typedef struct krb5_pac_data *krb5_const_pac; +#endif #endif krb5_error_code smb_krb5_parse_name(krb5_context context, diff --git a/lib/krb5_wrap/wscript_configure b/lib/krb5_wrap/wscript_configure new file mode 100644 index 00000000000..b595eef679c --- /dev/null +++ b/lib/krb5_wrap/wscript_configure @@ -0,0 +1,18 @@ +#!/usr/bin/env python + +# Check whether we have the krb5_const_pac type, if we aren't sure already. +if conf.CONFIG_SET('HAVE_KRB5_CONST_PAC') or ( + conf.CHECK_TYPE('krb5_const_pac', + headers='krb5.h', + lib='krb5')): + # If the type is available, check whether krb5_pac_get_buffer() accepts it + # as its second parameter, or whether it takes krb5_pac instead. + conf.CHECK_C_PROTOTYPE('krb5_pac_get_buffer', + 'krb5_error_code krb5_pac_get_buffer(' + ' krb5_context context,' + ' krb5_const_pac p,' + ' uint32_t type,' + ' krb5_data *data)', + define='KRB5_CONST_PAC_GET_BUFFER', + headers='krb5.h', + lib='krb5') diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure index ee58f7c2182..a97a1b9baa8 100644 --- a/third_party/heimdal_build/wscript_configure +++ b/third_party/heimdal_build/wscript_configure @@ -131,7 +131,6 @@ conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1) conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0) conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0) conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1) -conf.define('HAVE_KRB5_CONST_PAC', 1) conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1) conf.define('HAVE_KRB5_ADDRESSES', 1) conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1) @@ -206,6 +205,8 @@ conf.define('HAVE_KRB5_PROMPT_TYPE', 1) if conf.CONFIG_SET('USING_EMBEDDED_HEIMDAL'): conf.define('HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT', 1) + conf.define('HAVE_KRB5_CONST_PAC', 1) + conf.define('KRB5_CONST_PAC_GET_BUFFER', 1) else: pass # TODO diff --git a/wscript b/wscript index 5e775ebd2dd..b556aa0cbe2 100644 --- a/wscript +++ b/wscript @@ -354,6 +354,7 @@ def configure(conf): conf.RECURSE('lib/socket') conf.RECURSE('lib/mscat') conf.RECURSE('packaging') + conf.RECURSE('lib/krb5_wrap') conf.SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS()