1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

20 Commits

Author SHA1 Message Date
Günther Deschner
1092324f7f wscript: detect if we have libkdb5 and kdb.h.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:27 +01:00
Stefan Metzmacher
1fd5bdafbd wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
Newer MIT versions (maybe krb5-1.14) will also support this.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:26 +01:00
Andreas Schneider
b73235fb54 krb5_wrap: Do not use deprecated KRB5 functions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar  7 17:57:39 CET 2016 on sn-devel-144
2016-03-07 17:57:39 +01:00
Günther Deschner
b3931af2df s3-kerberos: avoid entering a password change dialogue also when using MIT.
Without this fix, for accounts with an expired password, a password change
process is initiated and - due to the prompter - this fails with a confusing
error message:

"kerberos_kinit_password Administrator@W2K12DOM.BER.REDHAT.COM failed: Password
mismatch
Failed to join domain: failed to connect to AD: Password mismatch"

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-23 01:41:17 +01:00
Günther Deschner
6755376ced kerberos: make sure we only use prompter type when available.
We also verified that we cannot simply remove the prompter as several older
versions of Heimdal would crash.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct  2 07:29:43 CEST 2015 on sn-devel-104
2015-10-02 07:29:43 +02:00
Günther Deschner
e38acb344a krb5_wrap: add smb_krb5_principal_set_type().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-27 01:26:16 +01:00
Thomas Nagy
3c0e3af395 Transition to waf 1.8: wrapped conf.check_cfg
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

(forward ported to current master by abartlet)

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 03:00:07 +01:00
Matthieu Patou
540f3ad347 waf: add k5crypto to the list of system libraries if they are reported by the krb5config but not found as requied by the different tests
Otherwise on some systems we have error message like
"Implied dependency k5crypto in winbind_krb5_locator is of type EMPTY"
Even though krb5config indicated that this library is needed and the
library is present

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-10-03 11:01:42 +02:00
Günther Deschner
9c5470be1e lib/krb5_wrap: provide krb5_warnx() replacement.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug  8 08:30:50 CEST 2014 on sn-devel-104
2014-08-08 08:30:50 +02:00
Günther Deschner
0e255497d2 lib/krb5_wrap: add smb_krb5_principal_get_type().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
763cae60c3 lib/krb5_wrap: add smb_krb5_principal_set_realm().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
a6145a2822 wscript: add check for krb5_keyblock_init.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
9fed7ed00e lib/krb5_wrap: add krb5_copy_data_contents.
This reuses krb5_data_copy() if available, choosed not to call it
krb5_data_copy as that is easily mixed up with krb5_copy_data (which allocs the
krb5_data pointer). Thanks Simo for proposing the better name.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 06:02:35 +02:00
Günther Deschner
561c74666a lib/krb5_wrap: add smb_krb5_get_allowed_weak_crypto().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2014-08-08 06:02:34 +02:00
Björn Jacke
9a03cc93f4 wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5 2012-10-30 13:18:50 +01:00
Alexander Bokovoy
e1023501d9 waf: fix parsing krb5-config --version for MIT krb5
krb5-config --version may return a string that ends with a suffix after
version number (1.X-prerelease or 1.X-beta1, for example). Detect and
ignore the suffix.

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Jun  7 17:03:01 CEST 2012 on sn-devel-104
2012-06-07 17:03:01 +02:00
Alexander Bokovoy
6e9aca7d41 waf: check for krb5_create_checksum and krb5_creds.flags for some Heimdal versions
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jun  1 11:23:21 CEST 2012 on sn-devel-104
2012-06-01 11:23:21 +02:00
Alexander Bokovoy
27503cea09 freebsd9: support both WAF MIT krb5 build and autoconf build against MIT krb5
System-provided Heimdal Kerberos in FreeBSD 9 lacks proper support for parsing MS PAC.
This leaves us with MIT krb5 package from ports or embedded Heimdal in source4.
MIT krb5 from ports is 1.9.2, it supports all needed features for AD support in smbd,
as well as WAF MIT krb5 build. In order to use it, one needs to install 'krb5' package.

Autoconf build:
  --with-krb5=/usr/local

WAF build:
  --with-system-mitkrb5 /usr/local

or otherwise krb5-config from system Heimdal will overtake and break the detection, leaving
you with a mixture of Kerberos libraries from different locations.

WAF build accepts multiple paths as sub-arguments of the --with-system-mitkrb5 and searches
through them for krb5-config, i.e. /usr/local /usr/kerberos ...

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Mon May 28 23:40:30 CEST 2012 on sn-devel-104
2012-05-28 23:40:30 +02:00
Alexander Bokovoy
b452fb30f7 waf: for MIT krb5 build require kerberos version above 1.9
MIT krb5 implementation provides sufficient support for features
used in Samba 4 starting with 1.9. Require version above when using
system MIT krb5 build.

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Thu May 24 18:15:36 CEST 2012 on sn-devel-104
2012-05-24 18:15:36 +02:00
Alexander Bokovoy
2ddf89a2bc Introduce system MIT krb5 build with --with-system-mitkrb5 option.
System MIT krb5 build also enabled by specifying --without-ad-dc

When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.

Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
  * Samba 4 client libraries and their Python bindings
  * Samba 3 server (smbd, nmbd, winbindd from source3/)
  * Samba 3 client libraries

In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23 17:51:50 +03:00