Fix Samba3 on OpenIndiana.
authorGordon Ross <gordon.w.ross@gmail.com>
Fri, 6 May 2011 23:00:08 +0000 (16:00 -0700)
committerJeremy Allison <jra@samba.org>
Sat, 7 May 2011 00:20:14 +0000 (02:20 +0200)
I'd like Samba to use the native OpenLDAP and MIT Kerberos libs.
Attached are some patches to do that. (relative to git master)
It does not build for me without these.

(OpenIndiana is an off-shoot of OpenSolaris  See http://www.openindiana.org)

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat May  7 02:20:14 CEST 2011 on sn-devel-104

auth/kerberos/gssapi_pac.c
lib/replace/system/kerberos.h
source3/configure.in
source3/wscript

index d89a649ff21225089d2fc6533b617bf17a02cb57..e115cfe85c4b7b570f97c59ad2372ebe6cb0e9b0 100644 (file)
 
 #include "libcli/auth/krb5_wrap.h"
 
 
 #include "libcli/auth/krb5_wrap.h"
 
+#if 0
+/* FIXME - need proper configure/waf test
+ * to determine if gss_mech_krb5 and friends
+ * exist. JRA.
+ */
+/*
+ * These are not exported by Solaris -lkrb5
+ * Maybe move to libreplace somewhere?
+ */
+static const gss_OID_desc krb5_gss_oid_array[] = {
+       /* this is the official, rfc-specified OID */
+       { 9, "\052\206\110\206\367\022\001\002\002" },
+       /* this is the pre-RFC mech OID */
+       { 5, "\053\005\001\005\002" },
+       /* this is the unofficial, incorrect mech OID emitted by MS */
+       { 9, "\052\206\110\202\367\022\001\002\002" },
+       { 0, 0 }
+};
+
+const gss_OID_desc * const gss_mech_krb5              = krb5_gss_oid_array+0;
+const gss_OID_desc * const gss_mech_krb5_old          = krb5_gss_oid_array+1;
+const gss_OID_desc * const gss_mech_krb5_wrong        = krb5_gss_oid_array+2;
+#endif
+
 /* The Heimdal OID for getting the PAC */
 #define EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 8
 /*                                                     EXTRACTION OID             AUTHZ ID */
 /* The Heimdal OID for getting the PAC */
 #define EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 8
 /*                                                     EXTRACTION OID             AUTHZ ID */
index 6d8c59f9b57b78ce56d5afc0e83ac2bb934db9f9..ec3eff17c71578290ea0b329dc15d2c79cac27f3 100644 (file)
@@ -37,7 +37,9 @@
 #include <com_err.h>
 #endif
 
 #include <com_err.h>
 #endif
 
-#if HAVE_GSSAPI_GSSAPI_H
+#if HAVE_GSSAPI_GSSAPI_EXT_H
+#include <gssapi/gssapi_ext.h>
+#elif HAVE_GSSAPI_GSSAPI_H
 #include <gssapi/gssapi.h>
 #elif HAVE_GSSAPI_GSSAPI_GENERIC_H
 #include <gssapi/gssapi_generic.h>
 #include <gssapi/gssapi.h>
 #elif HAVE_GSSAPI_GSSAPI_GENERIC_H
 #include <gssapi/gssapi_generic.h>
index f9263f6e82f35d83bd8e36bf5d78d44bb7bce4a8..11dbc2872e4d2486b082cb344fa42cab4c0e1469 100644 (file)
@@ -3579,16 +3579,16 @@ else
     # Check to see whether there is enough LDAP functionality to be able
     # to build AD support.
 
     # Check to see whether there is enough LDAP functionality to be able
     # to build AD support.
 
-# HPUX only has ldap_init; ok, we take care of this in smbldap.c
+# HPUX and Solaris only has ldap_init; ok, we take care of this in smbldap.c
 case "$host_os" in
 case "$host_os" in
-       *hpux*)
+       *hpux* | *solaris*)
     AC_CHECK_FUNC_EXT(ldap_init,$LDAP_LIBS)
 
     if test x"$ac_cv_func_ext_ldap_init" != x"yes"; then
        if test x"$with_ads_support" = x"yes"; then
     AC_CHECK_FUNC_EXT(ldap_init,$LDAP_LIBS)
 
     if test x"$ac_cv_func_ext_ldap_init" != x"yes"; then
        if test x"$with_ads_support" = x"yes"; then
-           AC_MSG_ERROR(Active Directory support on HPUX requires ldap_init)
+           AC_MSG_ERROR(Active Directory support on HPUX or Solaris requires ldap_init)
        elif test x"$with_ads_support" = x"auto"; then
        elif test x"$with_ads_support" = x"auto"; then
-           AC_MSG_WARN(Disabling Active Directory support (requires ldap_init on HPUX))
+           AC_MSG_WARN(Disabling Active Directory support (requires ldap_init on HPUX or Solaris))
            with_ads_support=no
        fi
     fi
            with_ads_support=no
        fi
     fi
@@ -3638,7 +3638,6 @@ if test x"$with_ads_support" != x"no"; then
         ;;
       yes)
         AC_MSG_RESULT(/usr)
         ;;
       yes)
         AC_MSG_RESULT(/usr)
-        FOUND_KRB5=yes
         ;;
       *)
         AC_MSG_RESULT($withval)
         ;;
       *)
         AC_MSG_RESULT($withval)
@@ -3727,6 +3726,21 @@ if test x"$with_ads_support" != x"no"; then
     fi
   fi
 
     fi
   fi
 
+  if test x$FOUND_KRB5 = x"no"; then
+    #################################################
+    # see if this box has Solaris MIT kerberos implementation
+    AC_MSG_CHECKING(for Solaris MIT kerberos)
+    if test -x "$KRB5CONFIG" && $KRB5CONFIG --version | grep -s Solaris | grep -s MIT > /dev/null ; then
+       FOUND_KRB5=yes
+       KRB5_LIBS="-lgss -lkrb5"
+       KRB5_CFLAGS="`$KRB5CONFIG --cflags`"
+       KRB5_CPPFLAGS="`$KRB5CONFIG --cflags`"
+       AC_MSG_RESULT(yes)
+    else
+      AC_MSG_RESULT(no)
+    fi
+  fi
+
   ac_save_CFLAGS=$CFLAGS
   ac_save_CPPFLAGS=$CPPFLAGS
   ac_save_LDFLAGS=$LDFLAGS
   ac_save_CFLAGS=$CFLAGS
   ac_save_CPPFLAGS=$CPPFLAGS
   ac_save_LDFLAGS=$LDFLAGS
@@ -3816,6 +3830,7 @@ if test x"$with_ads_support" != x"no"; then
   # now see if we can find the gssapi libs in standard paths
   if test x"$have_gssapi" != x"yes"; then
      AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],have_gssapi=yes)
   # now see if we can find the gssapi libs in standard paths
   if test x"$have_gssapi" != x"yes"; then
      AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],have_gssapi=yes)
+     AC_CHECK_LIB_EXT(gss, KRB5_LIBS,gss_display_status,[],[],have_gssapi=yes)
      AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS)
   fi
 
      AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS)
   fi
 
@@ -3870,6 +3885,7 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(gss_mech_krb5, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS)
 
   AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS)
 
index 55b62d1c7ecb075db0c3a84be92dd4745cfac1ba..583e97af0f08b81e73067a2307db32d69456a951 100644 (file)
@@ -632,7 +632,7 @@ msg.msg_acctrightslen = sizeof(fd);
         if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
            conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
             have_gssapi=True
         if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
            conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
             have_gssapi=True
-        conf.CHECK_FUNCS_IN('gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_oid_equal gss_inquire_sec_context_by_oid', 'gssapi gssapi_krb5 krb5')
+        conf.CHECK_FUNCS_IN('gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_mech_krb5 gss_oid_equal gss_inquire_sec_context_by_oid', 'gssapi gssapi_krb5 krb5')
         conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
         conf.CHECK_FUNCS('''
 krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
         conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
         conf.CHECK_FUNCS('''
 krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes