mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
eb9e3e8a54
For now let's just loose this functionality with the MIT build. gss_import/export_cred should be availa ble when MIT 1.11 is released and this code is used only in some proxy scenario. Not normally needed for common configurations.
228 lines
10 KiB
Python
Executable File
228 lines
10 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# Waf build script for Samba 4's bundled Heimdal.
|
|
|
|
# Unless explicitly requested by the user (e.g.
|
|
# "./configure --bundled-libraries=!asn1_compile") this will always use the
|
|
# bundled Heimdal, even if a system heimdal was found. The reason
|
|
# for this is that our checks for the system heimdal are not accurate
|
|
# enough yet to know if it is usable (some bug fix might be missing,
|
|
# compile_et might not generate the expected code, etc).
|
|
|
|
import Logs, sys
|
|
|
|
conf.CHECK_TYPE('u_char', 'uint8_t')
|
|
conf.CHECK_TYPE('u_int32_t', 'uint32_t')
|
|
|
|
conf.CHECK_HEADERS('err.h')
|
|
|
|
conf.CHECK_HEADERS('ifaddrs.h')
|
|
conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h
|
|
sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h
|
|
sys/utsname.h time.h timezone.h ttyname.h netinet/in.h
|
|
netinet/in6.h netinet6/in6.h libintl.h''')
|
|
|
|
conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True)
|
|
|
|
conf.CHECK_FUNCS('''atexit cgetent getprogname setprogname gethostname
|
|
putenv rcmd readv sendmsg setitimer strlwr strncasecmp
|
|
strptime strsep strsep_copy strtok_r strupr swab umask uname unsetenv
|
|
closefrom err warn errx warnx flock writev''')
|
|
|
|
conf.CHECK_FUNCS_IN('hstrerror', 'resolv socket nsl', checklibc=True)
|
|
conf.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent gethostent_r
|
|
sethostent endhostent getipnodebyaddr freehostent gethostbyname
|
|
gethostbyname_r gethostbyaddr''',
|
|
'socket nsl',
|
|
checklibc=True)
|
|
|
|
conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h')
|
|
|
|
conf.CHECK_FUNCS('iruserok')
|
|
|
|
conf.CHECK_FUNCS('bswap16')
|
|
conf.CHECK_FUNCS('bswap32')
|
|
|
|
conf.CHECK_TYPE('struct winsize', define='HAVE_STRUCT_WINSIZE', headers='sys/termios.h sys/ioctl.h')
|
|
conf.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_xpixel',
|
|
define='HAVE_WS_XPIXEL', headers='sys/termios.h sys/ioctl.h')
|
|
conf.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_ypixel',
|
|
define='HAVE_WS_YPIXEL', headers='sys/termios.h sys/ioctl.h')
|
|
conf.DEFINE('HAVE_KRB_STRUCT_WINSIZE', 1)
|
|
conf.DEFINE('VOID_RETSIGTYPE', 1)
|
|
|
|
conf.CHECK_VARIABLE('h_errno', headers='netdb.h')
|
|
|
|
# strangely enough, we need it with another define too
|
|
conf.CHECK_DECLS('h_errno', headers='netdb.h')
|
|
|
|
conf.CHECK_FUNCS_IN('res_search res_nsearch res_ndestroy dns_search dn_expand', 'resolv',
|
|
checklibc=True, headers='netinet/in.h arpa/nameser.h resolv.h dns.h')
|
|
conf.CHECK_VARIABLE('_res', headers='netinet/in.h arpa/nameser.h resolv.h')
|
|
conf.CHECK_DECLS('_res', headers='netinet/in.h arpa/nameser.h resolv.h')
|
|
conf.CHECK_FUNCS_IN('openpty', 'util', checklibc=True, headers='pty.h util.h libutil.h')
|
|
|
|
conf.DEFINE('HAVE_KRB5',1)
|
|
|
|
conf.CHECK_FUNCS('dirfd', headers='dirent.h')
|
|
conf.CHECK_DECLS('dirfd', reverse=True, headers='dirent.h')
|
|
conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='dirent.h')
|
|
|
|
conf.DEFINE('SAMBA4_USES_HEIMDAL', 1)
|
|
|
|
# setup the right defines for a in-tree heimdal build
|
|
Logs.info("Using in-tree heimdal kerberos defines")
|
|
conf.define('HAVE_GSSAPI_GSSAPI_H', 1)
|
|
conf.define('HAVE_GSSAPI_GSSAPI_KRB5_H', 1)
|
|
conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
|
|
conf.define('HAVE_KRB5_ADDRESSES', 1)
|
|
conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
|
|
conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
|
|
conf.define('HAVE_COM_ERR_H', 1)
|
|
conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
|
|
conf.define('HAVE_GSS_DISPLAY_STATUS', 1)
|
|
conf.define('HAVE_GSS_WRAP_IOV', 1)
|
|
conf.define('HAVE_GSS_KRB5_IMPORT_CRED', 1)
|
|
conf.define('HAVE_GSS_OID_EQUAL', 1)
|
|
conf.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1)
|
|
conf.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1)
|
|
conf.define('HAVE_GSSKRB5_GET_SUBKEY', 1)
|
|
conf.define('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1)
|
|
conf.define('HAVE_GSS_IMPORT_CRED', 1)
|
|
conf.define('HAVE_GSS_EXPORT_CRED', 1)
|
|
conf.define('HAVE_LIBGSSAPI', 1)
|
|
conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
|
|
conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)
|
|
conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0)
|
|
conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0)
|
|
conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
|
|
conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
|
|
conf.define('HAVE_KRB5_ADDRESSES', 1)
|
|
conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
|
|
conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
|
|
conf.define('HAVE_KRB5_CRYPTO', 1)
|
|
conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
|
|
conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
|
|
conf.define('HAVE_KRB5_C_VERIFY_CHECKSUM', 1)
|
|
conf.define('HAVE_KRB5_ENCTYPE_TO_STRING', 1)
|
|
conf.define('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1)
|
|
conf.define('HAVE_KRB5_FREE_ERROR_CONTENTS', 1)
|
|
conf.define('HAVE_KRB5_FREE_HOST_REALM', 1)
|
|
conf.define('HAVE_KRB5_FWD_TGT_CREDS', 1)
|
|
conf.define('HAVE_KRB5_GET_CREDS', 1)
|
|
conf.define('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1)
|
|
conf.define('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1)
|
|
conf.define('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1)
|
|
conf.define('HAVE_KRB5_GET_HOST_REALM', 1)
|
|
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
|
|
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
|
|
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
|
|
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
|
|
conf.define('HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK', 1)
|
|
conf.define('HAVE_KRB5_GET_PW_SALT', 1)
|
|
conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
|
|
conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)
|
|
conf.define('HAVE_KRB5_KEYBLOCK_INIT', 1)
|
|
conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
|
|
conf.define('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1)
|
|
conf.define('HAVE_KRB5_KRBHST_INIT', 1)
|
|
conf.define('HAVE_KRB5_KT_COMPARE', 1)
|
|
conf.define('HAVE_KRB5_KT_FREE_ENTRY', 1)
|
|
conf.define('HAVE_KRB5_KU_OTHER_CKSUM', 1)
|
|
conf.define('HAVE_KRB5_LOCATE_PLUGIN_H', 1)
|
|
conf.define('HAVE_KRB5_MK_REQ_EXTENDED', 1)
|
|
conf.define('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1)
|
|
conf.define('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1)
|
|
conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
|
|
conf.define('HAVE_KRB5_MAKE_PRINCIPAL', 1)
|
|
conf.define('HAVE_KRB5_REALM_TYPE', 1)
|
|
conf.define('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1)
|
|
conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
|
|
conf.define('HAVE_KRB5_STRING_TO_KEY', 1)
|
|
conf.define('HAVE_KRB5_STRING_TO_KEY_SALT', 1)
|
|
conf.define('HAVE_LIBKRB5', 1)
|
|
conf.define('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1)
|
|
conf.define('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1)
|
|
conf.define('KRB5_PRINC_REALM_RETURNS_REALM', 1)
|
|
conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
|
|
conf.define('HAVE_KRB5_H', 1)
|
|
conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
|
|
conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
|
|
conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
|
|
conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1)
|
|
conf.define('HAVE_KRB5_PDU_NONE_DECL', 1)
|
|
conf.define('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1)
|
|
conf.define('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1)
|
|
conf.define('HAVE_KRB5_KRB5_PRINCIPAL_GET_NUM_COMP', 1)
|
|
conf.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1)
|
|
|
|
heimdal_includedirs = []
|
|
heimdal_libdirs = []
|
|
krb5_config = conf.find_program("krb5-config.heimdal", var="HEIMDAL_KRB5_CONFIG")
|
|
if not krb5_config:
|
|
krb5_config = conf.find_program("krb5-config", var="HEIMDAL_KRB5_CONFIG")
|
|
if krb5_config:
|
|
# Not ideal, but seems like the best way to get at these paths:
|
|
f = open(krb5_config, 'r')
|
|
try:
|
|
for l in f:
|
|
if l.startswith("libdir="):
|
|
heimdal_libdirs.append(l.strip()[len("libdir="):])
|
|
elif l.startswith("includedir="):
|
|
heimdal_includedirs.append(l.strip()[len("includedir="):])
|
|
finally:
|
|
f.close()
|
|
|
|
if conf.CHECK_BUNDLED_SYSTEM('com_err', checkfunctions='com_right_r com_err', headers='com_err.h'):
|
|
conf.define('USING_SYSTEM_COM_ERR', 1)
|
|
|
|
def check_system_heimdal_lib(name, functions='', headers='', onlyif=None):
|
|
# Only use system library if the user requested the bundled one not be
|
|
# used.
|
|
if conf.LIB_MAY_BE_BUNDLED(name):
|
|
return False
|
|
setattr(conf.env, "CPPPATH_%s" % name.upper(), heimdal_includedirs)
|
|
setattr(conf.env, "LIBPATH_%s" % name.upper(), heimdal_libdirs)
|
|
conf.CHECK_BUNDLED_SYSTEM(name, checkfunctions=functions, headers=headers,
|
|
onlyif=onlyif)
|
|
conf.define('USING_SYSTEM_%s' % name.upper(), 1)
|
|
return True
|
|
|
|
def check_system_heimdal_binary(name):
|
|
if conf.LIB_MAY_BE_BUNDLED(name):
|
|
return False
|
|
if not conf.find_program(name, var=name.upper()):
|
|
return False
|
|
conf.define('USING_SYSTEM_%s' % name.upper(), 1)
|
|
return True
|
|
|
|
if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"):
|
|
conf.env.CPPPATH_ROKEN_HOSTCC = conf.env.CPPPATH_ROKEN
|
|
conf.env.LIBPATH_ROKEN_HOSTCC = conf.env.LIBPATH_ROKEN
|
|
conf.env.LIB_ROKEN_HOSTCC = "roken"
|
|
conf.SET_TARGET_TYPE("ROKEN_HOSTCC", 'SYSLIB')
|
|
check_system_heimdal_lib("wind", "wind_stringprep", "wind.h", onlyif="roken")
|
|
check_system_heimdal_lib("hx509", "hx509_bitstring_print", "hx509.h", onlyif="roken wind")
|
|
check_system_heimdal_lib("asn1", "initialize_asn1_error_table", "asn1_err.h", onlyif="roken com_err")
|
|
check_system_heimdal_lib("heimbase", "heim_cmp", "heimbase.h", onlyif="roken")
|
|
check_system_heimdal_lib("hcrypto", "MD4_Init", "hcrypto/md4.h",
|
|
onlyif="asn1 roken com_err")
|
|
if check_system_heimdal_lib("krb5", "krb5_anyaddr", "krb5.h",
|
|
onlyif="roken wind asn1 hx509 hcrypto com_err heimbase"):
|
|
conf.CHECK_FUNCS_IN('krb5_free_unparsed_name', 'krb5', headers="krb5.h")
|
|
check_system_heimdal_lib("gssapi", "gss_oid_to_name", "gssapi.h",
|
|
onlyif="hcrypto asn1 roken krb5 com_err wind")
|
|
check_system_heimdal_lib("heimntlm", "heim_ntlm_ntlmv2_key", "heimntlm.h",
|
|
onlyif="roken hcrypto krb5")
|
|
check_system_heimdal_lib("hdb", "hdb_db_dir", "krb5.h hdb.h",
|
|
onlyif="roken krb5 hcrypto com_err wind")
|
|
check_system_heimdal_lib("kdc", "kdc_log", "kdc.h",
|
|
onlyif="roken krb5 hdb asn1 heimntlm hcrypto com_err wind heimbase")
|
|
|
|
|
|
# With the proper checks in place we should be able to build against the system libtommath.
|
|
# conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h')
|
|
# conf.define('USING_SYSTEM_TOMMATH', 1)
|
|
|
|
check_system_heimdal_binary("compile_et")
|
|
check_system_heimdal_binary("asn1_compile")
|