mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
947ad1581a
Without this, Heimdal will assume time_t is unsigned, and a wrong
assumption will cause 'infinite' ticket lifetimes to be reckoned as from
the past, and thus requests will fail with KDC_ERR_NEVER_VALID.
This is an adaptation to Heimdal:
commit 9ae9902249732237aa1711591604a6adf24963fe
Author: Nicolas Williams <nico@twosigma.com>
Date: Tue Feb 15 17:01:00 2022 -0600
cf: Check if time_t is signed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 1 18:07:50 UTC 2022 on sn-devel-184
(cherry picked from commit 9eb27f296a)
#!/usr/bin/env python
# Waf build script for Samba 4's bundled Heimdal.

# Unless explicitly requested by the user (e.g.
# "./configure --bundled-libraries=!asn1_compile") this will always use the
# bundled Heimdal, even if a system heimdal was found. The reason
# for this is that our checks for the system heimdal are not accurate
# enough yet to know if it is usable (some bug fix might be missing,
# compile_et might not generate the expected code, etc).

import sys
from waflib import Logs
# Portability probes for the bundled Heimdal sources.  Every result is
# recorded through the configure context ``conf``; the probes are issued in
# the same order as before.

# BSD-style integer names, each paired with a fixed-width type.
# NOTE(review): the second argument is presumably the substitute used when
# the first type is missing -- confirm against the CHECK_TYPE helper.
for bsd_type, fixed_width_type in (('u_char', 'uint8_t'),
                                   ('u_int32_t', 'uint32_t')):
    conf.CHECK_TYPE(bsd_type, fixed_width_type)

# Two headers that are probed on their own ...
for lone_header in ('err.h', 'ifaddrs.h'):
    conf.CHECK_HEADERS(lone_header)

# ... followed by the bulk list.
# NOTE(review): the list is presumably split on whitespace, so the line
# breaks and indentation inside the literal carry no meaning -- confirm.
conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h
                  sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h
                  sys/utsname.h time.h timezone.h ttyname.h netinet/in.h
                  netinet/in6.h netinet6/in6.h''')

# The terminal headers are probed as one group (together=True).
conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True)

# libc / BSD convenience functions that Heimdal may use.
# NOTE(review): secure_getenv is among the probed functions; what the build
# falls back to when it is missing is not visible in this script.
conf.CHECK_FUNCS('''atexit cgetent getprogname setprogname gethostname
                 putenv rcmd readv secure_getenv
                 sendmsg setitimer strlwr strncasecmp mkostemp
                 strptime strsep strsep_copy strtok_r strupr swab umask uname unsetenv
                 closefrom err warn errx warnx flock writev''')

# Resolver and socket functions, looked for in the named libraries; both
# calls pass checklibc=True.
conf.CHECK_FUNCS_IN('hstrerror', 'resolv socket nsl', checklibc=True)
conf.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent gethostent_r
                    sethostent endhostent getipnodebyaddr freehostent gethostbyname
                    gethostbyname_r gethostbyaddr''',
                    'socket nsl',
                    checklibc=True)

# Remaining single-function probes, one CHECK_FUNCS call each.
for probed_function in ('iruserok', 'bswap16', 'bswap32'):
    conf.CHECK_FUNCS(probed_function)

# Terminal-size structure: the type itself, then its two pixel members, all
# probed against the same pair of headers.
winsize_headers = 'sys/termios.h sys/ioctl.h'
conf.CHECK_TYPE('struct winsize', define='HAVE_STRUCT_WINSIZE',
                headers=winsize_headers)
for member_name, member_define in (('ws_xpixel', 'HAVE_WS_XPIXEL'),
                                   ('ws_ypixel', 'HAVE_WS_YPIXEL')):
    conf.CHECK_STRUCTURE_MEMBER('struct winsize', member_name,
                                define=member_define,
                                headers=winsize_headers)

# These two are set unconditionally; they do not depend on the probes above.
conf.DEFINE('HAVE_KRB_STRUCT_WINSIZE', 1)
conf.DEFINE('VOID_RETSIGTYPE', 1)

# h_errno is probed as a variable and again as a declaration: oddly enough,
# the result is needed under a second define as well.
conf.CHECK_VARIABLE('h_errno', headers='netdb.h')
conf.CHECK_DECLS('h_errno', headers='netdb.h')

# Resolver entry points (looked for in libresolv, with checklibc=True) and
# the _res state variable.  The function probe additionally includes dns.h.
resolver_headers = 'netinet/in.h arpa/nameser.h resolv.h'
conf.CHECK_FUNCS_IN('res_search res_nsearch res_ndestroy dns_search dn_expand',
                    'resolv',
                    checklibc=True,
                    headers=resolver_headers + ' dns.h')
conf.CHECK_VARIABLE('_res', headers=resolver_headers)
conf.CHECK_DECLS('_res', headers=resolver_headers)

conf.DEFINE('HAVE_KRB5', 1)

# dirfd(): function probe, declaration probe, and the DIR.dd_fd member.
# NOTE(review): reverse=True is passed only to the declaration probe; its
# exact effect is defined by the CHECK_DECLS helper, not shown here.
dirent_header = 'dirent.h'
conf.CHECK_FUNCS('dirfd', headers=dirent_header)
conf.CHECK_DECLS('dirfd', reverse=True, headers=dirent_header)
conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD',
                            headers=dirent_header)

# Warning classes that Heimdal code may trigger without failing a -Werror
# build.  Each entry only downgrades that class from error to warning.
heimdal_no_error_flags = [
    '-Wno-error=discarded-qualifiers',
    '-Wno-error=cast-qual',
    '-Wno-error=missing-field-initializers',
    '-Wno-error=shadow',
    '-Wno-error=implicit-fallthrough',
    '-Wno-error=enum-compare',
    '-Wno-error=unused-but-set-variable',
    '-Wno-error=unused-const-variable',
    '-Wno-error=unused-variable',
    '-Wno-error=unused-result',
]

# Offer the flags one by one with testflags=True.
# NOTE(review): presumably only flags the compiler accepts end up in
# HEIMDAL_NO_ERROR_CFLAGS; the length comparison below relies on that.
for flag in heimdal_no_error_flags:
    conf.ADD_NAMED_CFLAGS('HEIMDAL_NO_ERROR_CFLAGS', flag, testflags=True)

# Two further relaxations, each stored under its own variable name.
for cflags_name, relaxing_flag in (
        ('HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS',
         '-Wno-strict-overflow'),
        ('HEIMDAL_UNPICKY_WNO_FREE_NOHEAP_OBJECT_CFLAGS',
         '-Wno-error=free-nonheap-object')):
    conf.ADD_NAMED_CFLAGS(cflags_name, relaxing_flag, testflags=True)

# NOTE(review): this reads bld.env while the rest of the script uses conf;
# presumably both names refer to the same configure context -- confirm.
every_flag_accepted = (len(bld.env.HEIMDAL_NO_ERROR_CFLAGS) ==
                       len(heimdal_no_error_flags))

if not every_flag_accepted:
    # At least one flag is missing from the accepted set, so Heimdal is
    # built with warnings tolerated.  The "(bad)" log line below is the only
    # visible trace of that here and is worth surfacing in CI, because the
    # affected code is the Kerberos implementation.
    conf.env.allow_heimdal_warnings = True
    # Needed on CentOS 7 and Ubuntu 16.04 only, for Bison-generated files
    # when warnings are not being turned into errors.
    conf.ADD_NAMED_CFLAGS('HEIMDAL_UNPICKY_WNO_MAYBE_UNINITIALIZED_CFLAGS',
                          '-Wno-error=maybe-uninitialized',
                          testflags=True)
    Logs.info("Allowing warnings in Heimdal code as this compiler does "
              "not support enough -Wno-error flags (bad)")
else:
    Logs.info("Most warnings in Heimdal code will "
              "error due to -Werror (good)")

conf.DEFINE('SAMBA4_USES_HEIMDAL', 1)

# Set up the defines for an in-tree Heimdal build.
#
# Every entry is asserted with a fixed value; none of them is the result of
# a probe.  If the bundled Heimdal changes (an API is added or removed),
# nothing in this table notices, so it has to be reviewed by hand together
# with the Heimdal import.
Logs.info("Using in-tree heimdal kerberos defines")

in_tree_heimdal_defines = (
    ('HAVE_GSSAPI_GSSAPI_H', 1),
    ('HAVE_GSSAPI_GSSAPI_KRB5_H', 1),
    ('HAVE_AP_OPTS_USE_SUBKEY', 1),
    ('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1),
    ('HAVE_KRB5_SET_REAL_TIME', 1),
    ('HAVE_COM_ERR_H', 1),
    ('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1),
    ('HAVE_GSS_DISPLAY_STATUS', 1),
    ('HAVE_GSS_WRAP_IOV', 1),
    ('HAVE_GSS_KRB5_IMPORT_CRED', 1),
    ('HAVE_GSS_OID_EQUAL', 1),
    ('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1),
    ('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1),
    ('HAVE_GSSKRB5_GET_SUBKEY', 1),
    ('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1),
    ('HAVE_GSS_IMPORT_CRED', 1),
    ('HAVE_GSS_EXPORT_CRED', 1),
    ('HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X', 1),
    ('HAVE_GSSAPI', 1),
    ('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1),  # repeated; call sequence kept
    ('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1),
    # The only two entries defined to 0.
    ('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0),
    ('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0),
    ('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1),
    ('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1),
    ('HAVE_KRB5_ADDRESSES', 1),
    ('HAVE_KRB5_AUTH_CON_SETKEY', 1),
    ('HAVE_KRB5_CC_GET_LIFETIME', 1),
    ('HAVE_KRB5_CC_COPY_CACHE', 1),
    ('HAVE_KRB5_CREATE_CHECKSUM', 1),
    ('HAVE_KRB5_CRYPTO', 1),
    ('HAVE_KRB5_CRYPTO_DESTROY', 1),
    ('HAVE_KRB5_CRYPTO_INIT', 1),
    ('HAVE_KRB5_C_VERIFY_CHECKSUM', 1),
    ('HAVE_KRB5_ENCTYPE_TO_STRING', 1),
    ('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1),
    ('HAVE_KRB5_FREE_ERROR_CONTENTS', 1),
    ('HAVE_KRB5_FREE_UNPARSED_NAME', 1),
    ('HAVE_KRB5_FREE_HOST_REALM', 1),
    ('HAVE_KRB5_FWD_TGT_CREDS', 1),
    ('HAVE_KRB5_GET_CREDS', 1),
    ('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1),
    ('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1),
    ('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1),
    ('HAVE_KRB5_GET_HOST_REALM', 1),
    ('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1),
    ('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1),
    ('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1),
    ('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1),
    ('HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK', 1),
    ('HAVE_KRB5_GET_PW_SALT', 1),
    ('HAVE_KRB5_GET_RENEWED_CREDS', 1),
    ('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1),
    ('HAVE_KRB5_KEYBLOCK_INIT', 1),
    ('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1),  # repeated; call sequence kept
    ('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1),
    ('HAVE_KRB5_KRBHST_INIT', 1),
    ('HAVE_KRB5_KT_COMPARE', 1),
    ('HAVE_KRB5_KT_FREE_ENTRY', 1),
    ('HAVE_KRB5_KU_OTHER_CKSUM', 1),
    ('HAVE_KRB5_LOCATE_PLUGIN_H', 1),
    ('HAVE_KRB5_MK_REQ_EXTENDED', 1),
    ('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1),
    ('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1),
    ('HAVE_KRB5_PRINCIPAL_GET_REALM', 1),
    ('HAVE_KRB5_MAKE_PRINCIPAL', 1),
    ('HAVE_KRB5_REALM_TYPE', 1),
    ('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1),
    ('HAVE_KRB5_SET_REAL_TIME', 1),  # repeated; call sequence kept
    ('HAVE_KRB5_STRING_TO_KEY', 1),
    ('HAVE_KRB5_STRING_TO_KEY_SALT', 1),
    ('HAVE_FREE_CHECKSUM', 1),
    ('HAVE_LIBKRB5', 1),
    ('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1),
    ('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1),
    ('KRB5_PRINC_REALM_RETURNS_REALM', 1),
    ('HAVE_KRB5_PRINCIPAL_GET_REALM', 1),  # repeated; call sequence kept
    ('HAVE_KRB5_H', 1),
    ('HAVE_AP_OPTS_USE_SUBKEY', 1),  # repeated; call sequence kept
    # Encryption-type symbols.  NOTE(review): these defines only state that
    # the identifiers exist in the bundled Heimdal; whether the RC4
    # (ARCFOUR) types are actually offered or accepted is decided
    # elsewhere and cannot be read off this script.
    ('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1),
    ('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56', 1),
    ('HAVE_ENCTYPE_ARCFOUR_HMAC', 1),
    ('HAVE_KRB5_PDU_NONE_DECL', 1),
    ('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1),
    ('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1),
    ('HAVE_KRB5_PRINCIPAL_GET_NUM_COMP', 1),
    ('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1),
    ('HAVE_FLAGS_IN_KRB5_CREDS', 1),
    ('HAVE_KRB5_CONFIG_GET_BOOL_DEFAULT', 1),
    ('HAVE_KRB5_DATA_COPY', 1),
    ('HAVE_KRB5_PRINCIPAL_SET_REALM', 1),
    ('HAVE_KRB5_PRINCIPAL_SET_TYPE', 1),
    ('HAVE_KRB5_PRINCIPAL_GET_TYPE', 1),
    ('HAVE_KRB5_WARNX', 1),
    ('HAVE_KRB5_PROMPT_TYPE', 1),
)

# Emit the defines in table order, one conf.define() call per entry.
for define_name, define_value in in_tree_heimdal_defines:
    conf.define(define_name, define_value)

# Only the embedded-Heimdal case sets anything here.
# TODO: the non-embedded case has no handling yet.
embedded_heimdal = conf.CONFIG_SET('USING_EMBEDDED_HEIMDAL')
if embedded_heimdal:
    conf.define('HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT', 1)

# Probe the signedness of time_t.  Without this, Heimdal assumes time_t is
# unsigned; where that assumption is wrong, 'infinite' ticket lifetimes are
# reckoned as lying in the past and requests fail with KDC_ERR_NEVER_VALID
# (see https://bugzilla.samba.org/show_bug.cgi?id=14995).  Keep this probe
# when the Heimdal configure logic is refactored.
conf.CHECK_SIGN('time_t')