setmntent setpgid setpriv setproplist setsid setuidx
setxattr shmget shm_open sigaction sigblock sigprocmask sigset
sizeof_proplist_entry _stat __stat stat64 _stat64 __stat64 statvfs
-strcasecmp strchr strpbrk strsignal strtol strupr sysconf sysctlbyname
+strcasecmp strchr strpbrk strsignal strtol strupr sysconf sysctl sysctlbyname
__sys_llseek syslog _telldir __telldir telldir64 textdomain timegm
utimensat vsyslog _write __write __xstat
''')
conf.CHECK_FUNCS_IN('gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_mech_krb5 gss_oid_equal gss_inquire_sec_context_by_oid', 'gssapi gssapi_krb5 krb5')
conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
conf.CHECK_FUNCS('''
-krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
+krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype
krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes
krb5_get_default_in_tkt_etypes krb5_free_data_contents
krb5_principal_get_comp_string krb5_free_unparsed_name
krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
-krb5_krbhst_get_addrinfo krb5_c_enctype_compare krb5_enctypes_compatible_keys
+krb5_krbhst_get_addrinfo krb5_c_enctype_compare
krb5_crypto_init krb5_crypto_destroy krb5_decode_ap_req free_AP_REQ
-krb5_verify_checksum krb5_c_verify_checksum krb5_principal_compare_any_realm
+krb5_c_verify_checksum krb5_principal_compare_any_realm
krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
-krb5_get_renewed_creds krb5_get_kdc_cred krb5_free_error_contents
+krb5_get_renewed_creds krb5_free_error_contents
initialize_krb5_error_table krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h')
conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h')
+ conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h')
+ conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h')
conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h',
define='HAVE_KRB5_KEYTAB_ENTRY_KEY')
conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h',
headers='krb5.h', lib='krb5',
addmain=False,
msg="Checking whether krb5_principal_get_realm is defined")
- if conf.CHECK_CODE('''krb5_verify_checksum(0, 0, 0, 0, 0, 0, 0);''',
- 'KRB5_VERIFY_CHECKSUM_ARGS',
- headers='krb5.h', lib='krb5',
- msg="Checking whether krb5_verify_checksum takes 7 arguments"):
- conf.DEFINE('KRB5_VERIFY_CHECKSUM_ARGS', '7')
- else:
- conf.DEFINE('KRB5_VERIFY_CHECKSUM_ARGS', '6')
-
conf.CHECK_CODE('''
krb5_enctype enctype;
enctype = ENCTYPE_ARCFOUR_HMAC_MD5;
if not conf.CONFIG_SET('HAVE_KRB5_MK_REQ_EXTENDED'):
Logs.warn("krb5_mk_req_extended not found in -lkrb5")
use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_C_ENCTYPE_COMPARE'):
+ Logs.warn("krb5_c_enctype_compare not found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_GET_HOST_REALM'):
+ Logs.warn("krb5_get_host_realm not found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_FREE_HOST_REALM'):
+ Logs.warn("krb5_free_host_realm not found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_FWD_TGT_CREDS'):
+ Logs.warn("krb5_fwd_tgt_creds found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC'):
+ Logs.warn("krb5_get_init_creds_opt_alloc not found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT'):
+ Logs.warn("krb5_get_init_creds_opt_free was not found or was too old in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_GET_RENEWED_CREDS'):
+ Logs.warn("krb5_get_renewed_creds not found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM'):
+ Logs.warn("krb5_principal_compare_any_realm not found in -lkrb5")
+ use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_STRING_TO_KEY'):
+ Logs.warn("krb5_string_to_key not found in -lkrb5")
+ use_ads=False
if not conf.CONFIG_SET('HAVE_KRB5_PRINCIPAL2SALT') and \
not conf.CONFIG_SET('HAVE_KRB5_GET_PW_SALT'):
Logs.warn("no CREATE_KEY_FUNCTIONS detected")
not conf.CONFIG_SET('HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS'):
Logs.warn("no KT_FREE_FUNCTION detected")
use_ads=False
- if not conf.CONFIG_SET('HAVE_KRB5_C_VERIFY_CHECKSUM') and \
- not conf.CONFIG_SET('HAVE_KRB5_VERIFY_CHECKSUM'):
- Logs.warn("no KRB5_VERIFY_CHECKSUM_FUNCTION detected")
+ if not conf.CONFIG_SET('HAVE_KRB5_C_VERIFY_CHECKSUM'):
+ Logs.warn("krb5_c_verify_checksum_compare not found in -lkrb5")
use_ads=False
if not conf.CONFIG_SET('KRB5_TICKET_HAS_KEYINFO'):
# We only need the following functions if we can't get the enctype
if not conf.CONFIG_SET('HAVE_KRB5_DECODE_AP_REQ'):
Logs.warn("no KRB5_AP_REQ_DECODING_FUNCTION detected")
use_ads=False
+
+ # We don't actually use
+ # gsskrb5_extract_authz_data_from_sec_context, but it is a
+ # clue that this Heimdal, which does the PAC processing we
+ # need on the standard gss_inquire_sec_context_by_oid
+ if not conf.CONFIG_SET('HAVE_GSS_GET_NAME_ATTRIBUTE') and \
+ not (conf.CONFIG_SET('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT') and \
+ conf.CONFIG_SET('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID')):
+ Logs.warn("need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support")
+ use_ads=False
+
if use_ads:
conf.DEFINE('WITH_ADS', '1')
conf.DEFINE('HAVE_KRB5', '1')