- # Check for kerberos
- have_gssapi=False
- if Options.options.with_mit_krb5_checks and conf.env.developer:
- Logs.info("Looking for kerberos features")
- conf.find_program('krb5-config', var='KRB5_CONFIG')
- if conf.env.KRB5_CONFIG:
- conf.check_cfg(path="krb5-config", args="--cflags --libs",
- package="gssapi", uselib_store="KRB5")
- conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
- conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5')
-
- if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
- conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so'
-
- conf.CHECK_FUNCS_IN('_et_list', 'com_err')
- conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto')
- conf.CHECK_FUNCS_IN('des_set_key','crypto')
- conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1')
- conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken')
- if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
- conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
- have_gssapi=True
- conf.CHECK_FUNCS_IN('gss_wrap_iov gss_krb5_import_cred gss_get_name_attribute gss_mech_krb5 gss_oid_equal gss_inquire_sec_context_by_oid', 'gssapi gssapi_krb5 krb5')
- conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
- conf.CHECK_FUNCS('''
-krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
-krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype
-krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
-krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes
-krb5_get_default_in_tkt_etypes krb5_free_data_contents
-krb5_principal_get_comp_string krb5_free_unparsed_name
-krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
-krb5_krbhst_get_addrinfo krb5_c_enctype_compare krb5_enctypes_compatible_keys
-krb5_crypto_init krb5_crypto_destroy krb5_decode_ap_req free_AP_REQ
-krb5_verify_checksum krb5_c_verify_checksum krb5_principal_compare_any_realm
-krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
-krb5_get_renewed_creds krb5_get_kdc_cred krb5_free_error_contents
-initialize_krb5_error_table krb5_get_init_creds_opt_alloc
-krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
-krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
-krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds
-krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''',
- lib='krb5 k5crypto')
- conf.CHECK_DECLS('''krb5_get_credentials_for_user
- krb5_auth_con_set_req_cksumtype''',
- headers='krb5.h', always=True)
- conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h')
- conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
- conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h')
- conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h')
- conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h',
- define='HAVE_KRB5_KEYTAB_ENTRY_KEY')
- conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h',
- define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK')
- conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h',
- define='HAVE_MAGIC_IN_KRB5_ADDRESS')
- conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h',
- define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS')
- conf.CHECK_STRUCTURE_MEMBER('krb5_ticket', 'enc_part2', headers='krb5.h',
- define='HAVE_KRB5_TKT_ENC_PART2')
- conf.CHECK_STRUCTURE_MEMBER('krb5_creds', 'keyblock', headers='krb5.h',
- define='HAVE_KRB5_KEYBLOCK_IN_CREDS')
- conf.CHECK_STRUCTURE_MEMBER('krb5_creds', 'session', headers='krb5.h',
- define='HAVE_KRB5_SESSION_IN_CREDS')
- conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h',
- define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ')
-
- conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h')
-
- conf.CHECK_CODE('''
-krb5_ticket ticket;
-krb5_kvno kvno;
-krb5_enctype enctype;
-enctype = ticket.enc_part.enctype;
-kvno = ticket.enc_part.kvno;
-''',
- 'KRB5_TICKET_HAS_KEYINFO',
- headers='krb5.h', link=False,
- msg="Checking whether the krb5_ticket structure contains the kvno and enctype")
- conf.CHECK_CODE('''
-krb5_context ctx;
-krb5_get_init_creds_opt *opt = NULL;
-krb5_get_init_creds_opt_free(ctx, opt);
-''',
- 'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT',
- headers='krb5.h', link=False,
- msg="Checking whether krb5_get_init_creds_opt_free takes a context argument")
- conf.CHECK_CODE('krb5_mk_error(0,0,0)',
- 'HAVE_SHORT_KRB5_MK_ERROR_INTERFACE',
- headers='krb5.h', link=False,
- msg="Checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal")
- conf.CHECK_CODE('''
-const krb5_data *pkdata;
-krb5_context context;
-krb5_principal principal;
-pkdata = krb5_princ_component(context, principal, 0);
-''',
- 'HAVE_KRB5_PRINC_COMPONENT',
- headers='krb5.h', lib='krb5',
- msg="Checking whether krb5_princ_component is available")
-
- conf.CHECK_CODE('''
-int main(void) {
-char buf[256];
-krb5_enctype_to_string(1, buf, 256);
-return 0;
-}''',
- 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG',
- headers='krb5.h', lib='krb5 k5crypto',
- addmain=False, cflags='-Werror',
- msg="Checking whether krb5_enctype_to_string takes size_t argument")
-
- conf.CHECK_CODE('''
-int main(void) {
-krb5_context context = NULL;
-char *str = NULL;
-krb5_enctype_to_string(context, 1, &str);
-if (str) free (str);
-return 0;
-}''',
- 'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG',
- headers='krb5.h stdlib.h', lib='krb5',
- addmain=False, cflags='-Werror',
- msg="Checking whether krb5_enctype_to_string takes krb5_context argument")
- conf.CHECK_CODE('''
-int main(void) {
-krb5_context ctx = NULL;
-krb5_principal princ = NULL;
-const char *str = krb5_princ_realm(ctx, princ)->data;
-return 0;
-}''',
- 'HAVE_KRB5_PRINC_REALM',
- headers='krb5.h', lib='krb5',
- addmain=False,
- msg="Checking whether the macro krb5_princ_realm is defined")
- conf.CHECK_CODE('''
-int main(void) {
- krb5_context context;
- krb5_principal principal;
- const char *realm; realm = krb5_principal_get_realm(context, principal);
- return 0;
-}''',
- 'HAVE_KRB5_PRINCIPAL_GET_REALM',
- headers='krb5.h', lib='krb5',
- addmain=False,
- msg="Checking whether krb5_principal_get_realm is defined")
- if conf.CHECK_CODE('''krb5_verify_checksum(0, 0, 0, 0, 0, 0, 0);''',
- 'KRB5_VERIFY_CHECKSUM_ARGS',
- headers='krb5.h', lib='krb5',
- msg="Checking whether krb5_verify_checksum takes 7 arguments"):
- conf.DEFINE('KRB5_VERIFY_CHECKSUM_ARGS', '7')
- else:
- conf.DEFINE('KRB5_VERIFY_CHECKSUM_ARGS', '6')
-
- conf.CHECK_CODE('''
-krb5_enctype enctype;
-enctype = ENCTYPE_ARCFOUR_HMAC_MD5;
-''',
- '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5',
- headers='krb5.h', lib='krb5',
- msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available");
- conf.CHECK_CODE('''
-krb5_keytype keytype;
-keytype = KEYTYPE_ARCFOUR_56;
-''',
- '_HAVE_KEYTYPE_ARCFOUR_56',
- headers='krb5.h', lib='krb5',
- msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available");
- if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'):
- conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1')
-
- conf.CHECK_CODE('''
-krb5_enctype enctype;
-enctype = ENCTYPE_ARCFOUR_HMAC;
-''',
- 'HAVE_ENCTYPE_ARCFOUR_HMAC',
- headers='krb5.h', lib='krb5',
- msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available");
-
- conf.CHECK_CODE('''
-krb5_context context;
-krb5_keytab keytab;
-krb5_init_context(&context);
-return krb5_kt_resolve(context, "WRFILE:api", &keytab);
-''',
- 'HAVE_WRFILE_KEYTAB',
- headers='krb5.h', lib='krb5', execute=True,
- msg="Checking whether the WRFILE:-keytab is supported");
-
- # Check for KRB5_DEPRECATED handling
- conf.CHECK_CODE('''#define KRB5_DEPRECATED 1
-#include <krb5.h>''',
- 'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False,
- link=False,
- msg="Checking for KRB5_DEPRECATED define taking an identifier")
-