git.samba.org / tprouty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d15845e)
r6113: Move GENSEC and the kerberos code out of libcli/auth, and into
authorAndrew Bartlett <abartlet@samba.org>
Tue, 29 Mar 2005 08:24:03 +0000 (08:24 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:11:20 +0000 (13:11 -0500)
auth/gensec and auth/kerberos.

This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4

Andrew Bartlett
(This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)

30 files changed:
source4/auth/auth.h patch | blob | history
source4/auth/gensec/gensec.c [moved from source4/libcli/auth/gensec.c with 100% similarity] patch | blob | history
source4/auth/gensec/gensec.h [moved from source4/libcli/auth/gensec.h with 100% similarity] patch | blob | history
source4/auth/gensec/gensec.m4 [moved from source4/libcli/auth/gensec.m4 with 87% similarity] patch | blob | history
source4/auth/gensec/gensec.mk [moved from source4/libcli/auth/gensec.mk with 75% similarity] patch | blob | history
source4/auth/gensec/gensec_gssapi.c [moved from source4/libcli/auth/gensec_gssapi.c with 100% similarity] patch | blob | history
source4/auth/gensec/gensec_gsskrb5.c [moved from source4/libcli/auth/gensec_gsskrb5.c with 100% similarity] patch | blob | history
source4/auth/gensec/gensec_krb5.c [moved from source4/libcli/auth/gensec_krb5.c with 99% similarity] patch | blob | history
source4/auth/gensec/gensec_ntlmssp.c [moved from source4/libcli/auth/gensec_ntlmssp.c with 100% similarity] patch | blob | history
source4/auth/gensec/ntlmssp.c [moved from source4/libcli/auth/ntlmssp.c with 100% similarity] patch | blob | history
source4/auth/gensec/ntlmssp.h [moved from source4/libcli/auth/ntlmssp.h with 100% similarity] patch | blob | history
source4/auth/gensec/ntlmssp_parse.c [moved from source4/libcli/auth/ntlmssp_parse.c with 100% similarity] patch | blob | history
source4/auth/gensec/ntlmssp_sign.c [moved from source4/libcli/auth/ntlmssp_sign.c with 100% similarity] patch | blob | history
source4/auth/gensec/schannel.c [moved from source4/libcli/auth/schannel.c with 99% similarity] patch | blob | history
source4/auth/gensec/schannel.h [moved from source4/libcli/auth/schannel.h with 100% similarity] patch | blob | history
source4/auth/gensec/schannel_sign.c [moved from source4/libcli/auth/schannel_sign.c with 98% similarity] patch | blob | history
source4/auth/gensec/schannel_state.c [moved from source4/libcli/auth/schannel_state.c with 100% similarity] patch | blob | history
source4/auth/gensec/spnego.c [moved from source4/libcli/auth/spnego.c with 100% similarity] patch | blob | history
source4/auth/gensec/spnego.h [moved from source4/libcli/auth/spnego.h with 100% similarity] patch | blob | history
source4/auth/gensec/spnego_parse.c [moved from source4/libcli/auth/spnego_parse.c with 100% similarity] patch | blob | history
source4/auth/kerberos/clikrb5.c [moved from source4/libcli/auth/clikrb5.c with 99% similarity] patch | blob | history
source4/auth/kerberos/gssapi_parse.c [moved from source4/libcli/auth/gssapi_parse.c with 98% similarity] patch | blob | history
source4/auth/kerberos/kerberos.c [moved from source4/libcli/auth/kerberos.c with 99% similarity] patch | blob | history
source4/auth/kerberos/kerberos.h [moved from source4/libcli/auth/kerberos.h with 100% similarity] patch | blob | history
source4/auth/kerberos/kerberos.m4 [new file with mode: 0644] patch | blob
source4/auth/kerberos/kerberos.mk [new file with mode: 0644] patch | blob
source4/auth/kerberos/kerberos_verify.c [moved from source4/libcli/auth/kerberos_verify.c with 99% similarity] patch | blob | history
source4/build/smb_build/main.pm patch | blob | history
source4/configure.in patch | blob | history
source4/libads/config.m4 patch | blob | history

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 425410e0888e20728302f1b4de08e7536adad0b1..a9f6b8eac544a04611b746e71a261a5f3acb8058 100644 (file)
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -22,10 +22,10 @@
 #ifndef _SAMBA_AUTH_H
 #define _SAMBA_AUTH_H
 
-#include "libcli/auth/ntlmssp.h"
+#include "auth/gensec/ntlmssp.h"
 #include "libcli/auth/credentials.h"
-#include "libcli/auth/gensec.h"
-#include "libcli/auth/spnego.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/spnego.h"
 
 /* modules can use the following to determine if the interface has changed
  * please increment the version number after each interface change
diff --git a/source4/libcli/auth/gensec.m4 b/source4/auth/gensec/gensec.m4
similarity index 87%
rename from source4/libcli/auth/gensec.m4
rename to source4/auth/gensec/gensec.m4
index 6ccf45ad7eaf7f169593da0fb547fd7d95172e4b..1af0a1d9c8971752d54c8cbef263aa86a082a5d8 100644 (file)
--- a/source4/libcli/auth/gensec.m4
+++ b/source4/auth/gensec/gensec.m4
@@ -3,7 +3,7 @@ SMB_MODULE_DEFAULT(gensec_gssapi, NOT)
 SMB_MODULE_DEFAULT(gensec_gsskrb5, NOT)
 
 if test x"$SMB_EXT_LIB_ENABLE_KRB5" = x"YES"; then
-       # enable this when krb5 is fully working
+       # krb5 is now disabled at runtime, not build time
        SMB_MODULE_DEFAULT(gensec_krb5, STATIC)
        SMB_MODULE_DEFAULT(gensec_gssapi, STATIC)
        if test x"$samba_cv_GSS_C_DCE_STYLE" = x"yes"; then
diff --git a/source4/libcli/auth/gensec.mk b/source4/auth/gensec/gensec.mk
similarity index 75%
rename from source4/libcli/auth/gensec.mk
rename to source4/auth/gensec/gensec.mk
index b4c612da14ea6d4de9f40466ddf6e7b245a33106..8ed6f7c8409af8843a87d8e3617cf42467386357 100644 (file)
--- a/source4/libcli/auth/gensec.mk
+++ b/source4/auth/gensec/gensec.mk
@@ -2,7 +2,7 @@
 # Start SUBSYSTEM GENSEC
 [SUBSYSTEM::GENSEC]
 INIT_FUNCTION = gensec_init
-INIT_OBJ_FILES = libcli/auth/gensec.o
+INIT_OBJ_FILES = auth/gensec/gensec.o
 REQUIRED_SUBSYSTEMS = \
                SCHANNELDB
 # End SUBSYSTEM GENSEC
@@ -13,13 +13,8 @@ REQUIRED_SUBSYSTEMS = \
 [MODULE::gensec_krb5]
 SUBSYSTEM = GENSEC
 INIT_FUNCTION = gensec_krb5_init
-INIT_OBJ_FILES = libcli/auth/gensec_krb5.o 
-ADD_OBJ_FILES = \
-               libcli/auth/clikrb5.o \
-               libcli/auth/kerberos.o \
-               libcli/auth/kerberos_verify.o \
-               libcli/auth/gssapi_parse.o
-REQUIRED_SUBSYSTEMS = NDR_KRB5PAC EXT_LIB_KRB5
+INIT_OBJ_FILES = auth/gensec/gensec_krb5.o 
+REQUIRED_SUBSYSTEMS = NDR_KRB5PAC KERBEROS EXT_LIB_KRB5 
 # End MODULE gensec_krb5
 ################################################
 
@@ -28,7 +23,7 @@ REQUIRED_SUBSYSTEMS = NDR_KRB5PAC EXT_LIB_KRB5
 [MODULE::gensec_gssapi]
 SUBSYSTEM = GENSEC
 INIT_FUNCTION = gensec_gssapi_init
-INIT_OBJ_FILES = libcli/auth/gensec_gssapi.o 
+INIT_OBJ_FILES = auth/gensec/gensec_gssapi.o 
 REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
 # End MODULE gensec_gssapi
 ################################################
@@ -38,7 +33,7 @@ REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
 [MODULE::gensec_gsskrb5]
 SUBSYSTEM = GENSEC
 INIT_FUNCTION = gensec_gsskrb5_init
-INIT_OBJ_FILES = libcli/auth/gensec_gsskrb5.o 
+INIT_OBJ_FILES = auth/gensec/gensec_gsskrb5.o 
 REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
 # End MODULE gensec_gsskrb5
 ################################################
@@ -48,9 +43,9 @@ REQUIRED_SUBSYSTEMS = EXT_LIB_KRB5
 [MODULE::gensec_spnego]
 SUBSYSTEM = GENSEC
 INIT_FUNCTION = gensec_spnego_init
-INIT_OBJ_FILES = libcli/auth/spnego.o
+INIT_OBJ_FILES = auth/gensec/spnego.o
 ADD_OBJ_FILES = \
-               libcli/auth/spnego_parse.o
+               auth/gensec/spnego_parse.o
 # End MODULE gensec_spnego
 ################################################
 
@@ -59,11 +54,11 @@ ADD_OBJ_FILES = \
 [MODULE::gensec_ntlmssp]
 SUBSYSTEM = GENSEC
 INIT_FUNCTION = gensec_ntlmssp_init
-INIT_OBJ_FILES = libcli/auth/gensec_ntlmssp.o
+INIT_OBJ_FILES = auth/gensec/gensec_ntlmssp.o
 ADD_OBJ_FILES = \
-               libcli/auth/ntlmssp.o \
-               libcli/auth/ntlmssp_parse.o \
-               libcli/auth/ntlmssp_sign.o
+               auth/gensec/ntlmssp.o \
+               auth/gensec/ntlmssp_parse.o \
+               auth/gensec/ntlmssp_sign.o
 REQUIRED_SUBSYSTEMS = AUTH
 # End MODULE gensec_ntlmssp
 ################################################
@@ -73,9 +68,9 @@ REQUIRED_SUBSYSTEMS = AUTH
 [MODULE::gensec_schannel]
 SUBSYSTEM = GENSEC
 INIT_FUNCTION = gensec_schannel_init
-INIT_OBJ_FILES = libcli/auth/schannel.o
+INIT_OBJ_FILES = auth/gensec/schannel.o
 ADD_OBJ_FILES = \
-               libcli/auth/schannel_sign.o
+               auth/gensec/schannel_sign.o
 REQUIRED_SUBSYSTEMS = AUTH SCHANNELDB
 # End MODULE gensec_ntlmssp
 ################################################
@@ -84,7 +79,7 @@ REQUIRED_SUBSYSTEMS = AUTH SCHANNELDB
 # Start SUBSYSTEM SCHANNELDB
 [SUBSYSTEM::SCHANNELDB]
 INIT_OBJ_FILES = \
-               libcli/auth/schannel_state.o
+               auth/gensec/schannel_state.o
 #
 # End SUBSYSTEM SCHANNELDB
 ################################################
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
similarity index 99%
rename from source4/libcli/auth/gensec_krb5.c
rename to source4/auth/gensec/gensec_krb5.c
index 453485d81603fc8872bbfbf17abc1bd32800d269..bad143f3c8bd5c34374b30e9215f028ecae57ce0 100644 (file)
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -27,7 +27,7 @@
 #include "includes.h"
 #include "system/kerberos.h"
 #include "system/time.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
 #include "librpc/gen_ndr/ndr_krb5pac.h"
 #include "auth/auth.h"
 
diff --git a/source4/libcli/auth/schannel.c b/source4/auth/gensec/schannel.c
similarity index 99%
rename from source4/libcli/auth/schannel.c
rename to source4/auth/gensec/schannel.c
index 3dbf10580bb99679527057065ad902537e059edd..0657de27d9148819b09276db030312fcf27be3f4 100644 (file)
--- a/source4/libcli/auth/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -24,7 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_schannel.h"
 #include "auth/auth.h"
-#include "libcli/auth/schannel.h"
+#include "auth/gensec/schannel.h"
 
 static size_t schannel_sig_size(struct gensec_security *gensec_security)
 {
diff --git a/source4/libcli/auth/schannel_sign.c b/source4/auth/gensec/schannel_sign.c
similarity index 98%
rename from source4/libcli/auth/schannel_sign.c
rename to source4/auth/gensec/schannel_sign.c
index 3b493bd0d382d99b3fba7869e3a69e8dbc0d6dbf..493b26f6c09e55d53a1c5ce504e88d5426800662 100644 (file)
--- a/source4/libcli/auth/schannel_sign.c
+++ b/source4/auth/gensec/schannel_sign.c
@@ -23,9 +23,8 @@
 
 #include "includes.h"
 #include "lib/crypto/crypto.h"
-#include "libcli/auth/schannel.h"
-#include "libcli/auth/gensec.h"
-#include "libcli/auth/credentials.h"
+#include "auth/auth.h"
+#include "auth/gensec/schannel.h"
 
 #define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
 #define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
diff --git a/source4/libcli/auth/clikrb5.c b/source4/auth/kerberos/clikrb5.c
similarity index 99%
rename from source4/libcli/auth/clikrb5.c
rename to source4/auth/kerberos/clikrb5.c
index b7bd710304e30b48b8fbfba5e816fd7e3f618b68..ec8f60fbb3c35964702f7b32e7840ef4086d671c 100644 (file)
--- a/source4/libcli/auth/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@@ -23,7 +23,7 @@
 #include "system/network.h"
 #include "system/kerberos.h"
 #include "system/time.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
 
 #ifdef HAVE_KRB5
 
diff --git a/source4/libcli/auth/gssapi_parse.c b/source4/auth/kerberos/gssapi_parse.c
similarity index 98%
rename from source4/libcli/auth/gssapi_parse.c
rename to source4/auth/kerberos/gssapi_parse.c
index 89929c8c6df20de4434ef520c8f1f5a1fe595b7e..2c2c4e17e59cbf01ce6398c4c8a63cac4063d72e 100644 (file)
--- a/source4/libcli/auth/gssapi_parse.c
+++ b/source4/auth/kerberos/gssapi_parse.c
@@ -25,7 +25,7 @@
 #include "includes.h"
 #include "asn_1.h"
 #include "system/kerberos.h"
-#include "libcli/auth/gensec.h"
+#include "auth/gensec/gensec.h"
 
 /*
   generate a krb5 GSS-API wrapper packet given a ticket
diff --git a/source4/libcli/auth/kerberos.c b/source4/auth/kerberos/kerberos.c
similarity index 99%
rename from source4/libcli/auth/kerberos.c
rename to source4/auth/kerberos/kerberos.c
index 89b410828078e75e53766e81ae37e40cc141f6eb..98b530e7cf317551f0d4e931b134ccde0cb1d3cf 100644 (file)
--- a/source4/libcli/auth/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -25,7 +25,7 @@
 #include "includes.h"
 #include "system/kerberos.h"
 #include "system/time.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
 #include "secrets.h"
 #include "pstring.h"
 #include "ads.h"
diff --git a/source4/auth/kerberos/kerberos.m4 b/source4/auth/kerberos/kerberos.m4
new file mode 100644 (file)
index 0000000..f18386a
--- /dev/null
+++ b/source4/auth/kerberos/kerberos.m4
@@ -0,0 +1,491 @@
+#################################################
+# KRB5 support
+KRB5_CFLAGS=""
+KRB5_CPPFLAGS=""
+KRB5_LDFLAGS=""
+KRB5_LIBS=""
+with_krb5_support=auto
+krb5_withval=auto
+AC_MSG_CHECKING([for KRB5 support])
+
+# Do no harm to the values of CFLAGS and LIBS while testing for
+# Kerberos support.
+AC_ARG_WITH(krb5,
+[  --with-krb5=base-dir    Locate Kerberos 5 support (default=auto)],
+       [ case "$withval" in
+               no)
+                       with_krb5_support=no
+                       AC_MSG_RESULT(no)
+                       krb5_withval=no
+                       ;;
+               yes)
+                       with_krb5_support=yes
+                       AC_MSG_RESULT(yes)
+                       krb5_withval=yes
+                       ;;
+               auto)
+                       with_krb5_support=auto
+                       AC_MSG_RESULT(auto)
+                       krb5_withval=auto
+                       ;;
+               *)
+                       with_krb5_support=yes
+                       AC_MSG_RESULT(yes)
+                       krb5_withval=$withval
+                       KRB5CONFIG="$krb5_withval/bin/krb5-config"
+                       ;;
+       esac ],
+       AC_MSG_RESULT($with_krb5_support)
+)
+
+if test x$with_krb5_support != x"no"; then
+       FOUND_KRB5=no
+       FOUND_KRB5_VIA_CONFIG=no
+
+       #################################################
+       # check for krb5-config from recent MIT and Heimdal kerberos 5
+       AC_MSG_CHECKING(for working specified location for krb5-config)
+       if test x$KRB5CONFIG != "x"; then
+               if test -x "$KRB5CONFIG"; then
+                       ac_save_CFLAGS=$CFLAGS
+                       CFLAGS="";export CFLAGS
+                       ac_save_LDFLAGS=$LDFLAGS
+                       LDFLAGS="";export LDFLAGS
+                       KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
+                       KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 
+                       KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
+                       CFLAGS=$ac_save_CFLAGS;export CFLAGS
+                       LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
+                       FOUND_KRB5=yes
+                       FOUND_KRB5_VIA_CONFIG=yes
+                       AC_MSG_RESULT(yes. Found $KRB5CONFIG)
+               else 
+                       AC_MSG_RESULT(no. Fallback to specified directory)
+               fi
+       else
+               AC_MSG_RESULT(no. Fallback to finding krb5-config in path)
+               #################################################
+               # check for krb5-config from recent MIT and Heimdal kerberos 5
+               AC_PATH_PROG(KRB5CONFIG, krb5-config)
+               AC_MSG_CHECKING(for working krb5-config in path)
+               if test -x "$KRB5CONFIG"; then
+                       ac_save_CFLAGS=$CFLAGS
+                       CFLAGS="";export CFLAGS
+                       ac_save_LDFLAGS=$LDFLAGS
+                       LDFLAGS="";export LDFLAGS
+                       KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
+                       KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 
+                       KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
+                       CFLAGS=$ac_save_CFLAGS;export CFLAGS
+                       LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
+                       FOUND_KRB5=yes
+                       FOUND_KRB5_VIA_CONFIG=yes
+                       AC_MSG_RESULT(yes. Found $KRB5CONFIG)
+               else
+                       AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy)
+               fi
+       fi
+  
+       if test x$FOUND_KRB5 != x"yes"; then
+               #################################################
+               # check for location of Kerberos 5 install
+               AC_MSG_CHECKING(for kerberos 5 install path)
+               case "$krb5_withval" in
+                       no)
+                               AC_MSG_RESULT(no krb5-path given)
+                               ;;
+                       yes)
+                               AC_MSG_RESULT(/usr)
+                               FOUND_KRB5=yes
+                               ;;
+                       *)
+                               AC_MSG_RESULT($krb5_withval)
+                               KRB5_CFLAGS="-I$krb5_withval/include"
+                               KRB5_CPPFLAGS="-I$krb5_withval/include"
+                               KRB5_LDFLAGS="-L$krb5_withval/lib"
+                               FOUND_KRB5=yes
+                               ;;
+               esac
+       fi
+
+       if test x$FOUND_KRB5 != x"yes"; then
+               #################################################
+               # see if this box has the SuSE location for the heimdal krb implementation
+               AC_MSG_CHECKING(for /usr/include/heimdal)
+               if test -d /usr/include/heimdal; then
+                       if test -f /usr/lib/heimdal/lib/libkrb5.a; then
+                               KRB5_CFLAGS="-I/usr/include/heimdal"
+                               KRB5_CPPFLAGS="-I/usr/include/heimdal"
+                               KRB5_LDFLAGS="-L/usr/lib/heimdal/lib"
+                               AC_MSG_RESULT(yes)
+                       else
+                               KRB5_CFLAGS="-I/usr/include/heimdal"
+                               KRB5_CPPFLAGS="-I/usr/include/heimdal"
+                               AC_MSG_RESULT(yes)
+                       fi
+               else
+                       AC_MSG_RESULT(no)
+               fi
+       fi
+
+       if test x$FOUND_KRB5 != x"yes"; then
+               #################################################
+               # see if this box has the RedHat location for kerberos
+               AC_MSG_CHECKING(for /usr/kerberos)
+               if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
+                       KRB5_LDFLAGS="-L/usr/kerberos/lib"
+                       KRB5_CFLAGS="-I/usr/kerberos/include"
+                       KRB5_CPPFLAGS="-I/usr/kerberos/include"
+                       AC_MSG_RESULT(yes)
+               else
+                       AC_MSG_RESULT(no)
+               fi
+       fi
+
+       ac_save_CFLAGS=$CFLAGS
+       ac_save_CPPFLAGS=$CPPFLAGS
+       ac_save_LDFLAGS=$LDFLAGS
+
+       #MIT needs this, to let us see 'internal' parts of the headers we use
+       KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED"
+
+       #Heimdal needs this
+       #TODO: we need to parse KRB5_LIBS for -L path
+       #      and set -Wl,-rpath -Wl,path
+
+       CFLAGS="$CFLAGS $KRB5_CFLAGS"
+       CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
+       LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
+
+       KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS"
+
+       # now check for krb5.h. Some systems have the libraries without the headers!
+       # note that this check is done here to allow for different kerberos
+       # include paths
+       AC_CHECK_HEADERS(krb5.h)
+
+       if test x"$ac_cv_header_krb5_h" = x"no"; then
+               # Give a warning if KRB5 support was not explicitly requested,
+               # i.e with_krb5_support = auto, otherwise die with an error.
+               if test x"$with_krb5_support" = x"yes"; then
+                       AC_MSG_ERROR([KRB5 cannot be supported without krb5.h])
+               else
+                       AC_MSG_WARN([KRB5 cannot be supported without krb5.h])
+               fi
+               # Turn off AD support and restore CFLAGS and LIBS variables
+               with_krb5_support="no"
+       fi
+
+       CFLAGS=$ac_save_CFLAGS
+       CPPFLAGS=$ac_save_CPPFLAGS
+       LDFLAGS=$ac_save_LDFLAGS
+fi
+
+# Now we have determined whether we really want KRB5 support
+
+if test x"$with_krb5_support" != x"no"; then
+       ac_save_CFLAGS=$CFLAGS
+       ac_save_CPPFLAGS=$CPPFLAGS
+       ac_save_LDFLAGS=$LDFLAGS
+       ac_save_LIBS=$LIBS
+
+       CFLAGS="$CFLAGS $KRB5_CFLAGS"
+       CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
+       LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
+
+       # now check for gssapi headers.  This is also done here to allow for
+       # different kerberos include paths
+       AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
+
+       ##################################################################
+       # we might need the k5crypto and com_err libraries on some systems
+       AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
+       AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
+
+       # Heimdal checks.
+       # But only if we didn't have a krb5-config to tell us this already
+       if test x"$FOUND_KRB5_VIA_CONFIG" != x"yes"; then
+               AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key)
+               AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator)
+               AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec)
+       fi
+
+       # Heimdal checks. On static Heimdal gssapi must be linked before krb5.
+       AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[],
+                               AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
+
+       ########################################################
+       # now see if we can find the krb5 libs in standard paths
+       # or as specified above
+       AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended)
+       AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare)
+
+       ########################################################
+       # now see if we can find the gssapi libs in standard paths
+       if test x"$ac_cv_lib_ext_gssapi_gss_display_status" != x"yes"; then
+          AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],
+               AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
+        fi
+
+       AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS) 
+       AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS) 
+       AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS) 
+       AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS) 
+       AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS) 
+       AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_c_enctype_compare, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS)
+       AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS)
+
+       LIBS="$LIBS $KRB5_LIBS"
+  
+       AC_CACHE_CHECK([for krb5_encrypt_block type],
+                samba_cv_HAVE_KRB5_ENCRYPT_BLOCK,[
+       AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_encrypt_block block;],
+               samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=yes,
+               samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=no)])
+
+       if test x"$samba_cv_HAVE_KRB5_ENCRYPT_BLOCK" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_ENCRYPT_BLOCK,1,
+               [Whether the type krb5_encrypt_block exists])
+       fi
+
+       AC_CACHE_CHECK([for addrtype in krb5_address],
+               samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],
+               samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes,
+               samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)])
+       if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then
+               AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1,
+               [Whether the krb5_address struct has a addrtype property])
+       fi
+
+       AC_CACHE_CHECK([for addr_type in krb5_address],
+               samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;],
+               samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes,
+               samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)])
+       if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
+               AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,
+               [Whether the krb5_address struct has a addr_type property])
+       fi
+
+       AC_CACHE_CHECK([for enc_part2 in krb5_ticket], 
+               samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
+               samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,
+               samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
+       if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,
+               [Whether the krb5_ticket struct has a enc_part2 property])
+       fi
+
+       AC_CACHE_CHECK([for keyblock in krb5_creds],
+                 samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS,[
+       AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_creds creds; krb5_keyblock kb; creds.keyblock = kb;],
+               samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=yes,
+               samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=no)])
+
+       if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_KEYBLOCK_IN_CREDS,1,
+               [Whether the krb5_creds struct has a keyblock property])
+       fi
+
+       AC_CACHE_CHECK([for session in krb5_creds],
+                 samba_cv_HAVE_KRB5_SESSION_IN_CREDS,[
+       AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_creds creds; krb5_keyblock kb; creds.session = kb;],
+               samba_cv_HAVE_KRB5_SESSION_IN_CREDS=yes,
+               samba_cv_HAVE_KRB5_SESSION_IN_CREDS=no)])
+
+       if test x"$samba_cv_HAVE_KRB5_SESSION_IN_CREDS" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_SESSION_IN_CREDS,1,
+               [Whether the krb5_creds struct has a session property])
+       fi
+
+       AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
+               samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_keyblock key; key.keyvalue.data = NULL;],
+               samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes,
+               samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)])
+       if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
+               [Whether the krb5_keyblock struct has a keyvalue property])
+       fi
+
+       AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
+               samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;],
+               samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes,
+               samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)])
+       AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56],
+                 samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;],
+               samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes,
+               samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)])
+       # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken
+       # w.r.t. arcfour and windows, so we must not enable it here
+       if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\
+          x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then
+               AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
+               [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
+       fi
+
+       AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
+               samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;],
+               samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes,
+               samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)])
+       if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then
+               AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1,
+               [Whether the AP_OPTS_USE_SUBKEY ap option is available])
+       fi
+
+       AC_CACHE_CHECK([for KV5M_KEYTAB],
+               samba_cv_HAVE_KV5M_KEYTAB,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;],
+               samba_cv_HAVE_KV5M_KEYTAB=yes,
+               samba_cv_HAVE_KV5M_KEYTAB=no)])
+       if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then
+               AC_DEFINE(HAVE_KV5M_KEYTAB,1,
+               [Whether the KV5M_KEYTAB option is available])
+       fi
+
+       AC_CACHE_CHECK([for the krb5_princ_component macro],
+               samba_cv_HAVE_KRB5_PRINC_COMPONENT,[
+               AC_TRY_LINK([#include <krb5.h>],
+               [const krb5_data *pkdata; krb5_context context; krb5_principal principal; 
+                       pkdata = krb5_princ_component(context, principal, 0);],
+               samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes,
+               samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)])
+       if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1,
+               [Whether krb5_princ_component is available])
+       fi
+
+       AC_CACHE_CHECK([for key in krb5_keytab_entry],
+               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;],
+               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes,
+               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)])
+       if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1,
+               [Whether krb5_keytab_entry has key member])
+       fi
+
+       AC_CACHE_CHECK([for keyblock in krb5_keytab_entry],
+               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_keytab_entry entry; entry.keyblock.keytype = 0;],
+               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes,
+               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)])
+       if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1,
+               [Whether krb5_keytab_entry has keyblock member])
+       fi
+
+       AC_CACHE_CHECK([for WRFILE: keytab support],
+                samba_cv_HAVE_WRFILE_KEYTAB,[
+               AC_TRY_RUN([
+               #include<krb5.h>
+               main()
+               {
+                       krb5_context context;
+                       krb5_keytab keytab;
+                       krb5_init_context(&context);
+                       return krb5_kt_resolve(context, "WRFILE:api", &keytab);
+               }],
+               samba_cv_HAVE_WRFILE_KEYTAB=yes,
+               samba_cv_HAVE_WRFILE_KEYTAB=no)])
+       if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then
+               AC_DEFINE(HAVE_WRFILE_KEYTAB,1,
+               [Whether the WRFILE:-keytab is supported])
+       fi
+
+       AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data],
+               samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[
+               AC_TRY_COMPILE([#include <krb5.h>],
+               [krb5_context context;krb5_principal principal;krb5_realm realm;
+                       realm = *krb5_princ_realm(context, principal);],
+               samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes,
+               samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)])
+       if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then
+               AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1,
+               [Whether krb5_princ_realm returns krb5_realm or krb5_data])
+       fi
+
+       # TODO: check all gssapi headers for this
+       AC_CACHE_CHECK([for GSS_C_DCE_STYLE in gssapi.h],
+               samba_cv_GSS_C_DCE_STYLE,[
+               AC_TRY_COMPILE([#include <gssapi.h>],
+               [int flags = GSS_C_DCE_STYLE;],
+               samba_cv_GSS_C_DCE_STYLE=yes,
+               samba_cv_GSS_C_DCE_STYLE=no)])
+
+       if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then
+               AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
+               AC_MSG_CHECKING(whether KRB5 support is used)
+               SMB_EXT_LIB_ENABLE(KRB5,YES)
+               AC_MSG_RESULT(yes)
+               echo "KRB5_CFLAGS:   ${KRB5_CFLAGS}"
+               echo "KRB5_CPPFLAGS: ${KRB5_CPPFLAGS}"
+               echo "KRB5_LDFLAGS:  ${KRB5_LDFLAGS}"
+               echo "KRB5_LIBS:     ${KRB5_LIBS}"
+       else
+               if test x"$with_krb5_support" = x"yes"; then
+                       AC_MSG_ERROR(a working krb5 library is needed for KRB5 support)
+               else
+                       AC_MSG_WARN(a working krb5 library is needed for KRB5 support)
+               fi
+               KRB5_CFLAGS=""
+               KRB5_CPPFLAGS=""
+               KRB5_LDFLAGS=""
+               KRB5_LIBS=""
+               with_krb5_support=no 
+       fi
+
+       CFLAGS=$ac_save_CFLAGS
+       CPPFLAGS=$ac_save_CPPFLAGS
+       LDFLAGS=$ac_save_LDFLAGS
+       LIBS="$ac_save_LIBS"
+
+       # as a nasty hack add the krb5 stuff to the global vars,
+       # at some point this should not be needed anymore when the build system
+       # can handle that alone
+       CFLAGS="$CFLAGS $KRB5_CFLAGS"
+       CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
+       LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
+fi
+
+SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])
+
diff --git a/source4/auth/kerberos/kerberos.mk b/source4/auth/kerberos/kerberos.mk
new file mode 100644 (file)
index 0000000..a43e6bb
--- /dev/null
+++ b/source4/auth/kerberos/kerberos.mk
@@ -0,0 +1,10 @@
+#################################
+# Start SUBSYSTEM KERBEROS
+[SUBSYSTEM::KERBEROS]
+INIT_OBJ_FILES = auth/kerberos/kerberos.o 
+ADD_OBJ_FILES = \
+               auth/kerberos/clikrb5.o \
+               auth/kerberos/kerberos_verify.o \
+               auth/kerberos/gssapi_parse.o
+# End SUBSYSTEM KERBEROS
+#################################
diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/auth/kerberos/kerberos_verify.c
similarity index 99%
rename from source4/libcli/auth/kerberos_verify.c
rename to source4/auth/kerberos/kerberos_verify.c
index a1dfe1056e946894f5fc0fab5da440c8981c9250..3188e603cdbfee3c1efba47d31c1acb61a4711d5 100644 (file)
--- a/source4/libcli/auth/kerberos_verify.c
+++ b/source4/auth/kerberos/kerberos_verify.c
@@ -25,7 +25,7 @@
 
 #include "includes.h"
 #include "system/kerberos.h"
-#include "libcli/auth/kerberos.h"
+#include "auth/kerberos/kerberos.h"
 #include "asn_1.h"
 #include "lib/ldb/include/ldb.h"
 #include "secrets.h"
diff --git a/source4/build/smb_build/main.pm b/source4/build/smb_build/main.pm
index 381c548ac1439d962b03053964e26b7df9bfcff5..1dee5be910f71eec0d25c4ea2b73fd81b8aeae8b 100644 (file)
--- a/source4/build/smb_build/main.pm
+++ b/source4/build/smb_build/main.pm
@@ -44,7 +44,8 @@ sub smb_build_main($)
                "ldap_server/config.mk",
                "winbind/config.mk",
                "nbt_server/config.mk",
-               "libcli/auth/gensec.mk",
+               "auth/gensec/gensec.mk",
+               "auth/kerberos/kerberos.mk",
                "libcli/auth/config.mk",
                "libcli/ldap/config.mk",
                "libcli/config.mk",
diff --git a/source4/configure.in b/source4/configure.in
index 366f0380309e253503ec4c07520c59a1984f4606..4b4959158976835ec91679b7c1467a177e959180 100644 (file)
--- a/source4/configure.in
+++ b/source4/configure.in
@@ -20,7 +20,8 @@ SMB_INCLUDE_M4(lib/ldb/config.m4)
 SMB_INCLUDE_M4(lib/events/config.m4)
 SMB_INCLUDE_M4(lib/cmdline/config.m4)
 SMB_INCLUDE_M4(param/config.m4)
-SMB_INCLUDE_M4(libcli/auth/gensec.m4)
+SMB_INCLUDE_M4(auth/kerberos/kerberos.m4)
+SMB_INCLUDE_M4(auth/gensec/gensec.m4)
 SMB_INCLUDE_M4(libcli/config.m4)
 SMB_INCLUDE_M4(librpc/config.m4)
 SMB_INCLUDE_M4(smbd/process_model.m4)
diff --git a/source4/libads/config.m4 b/source4/libads/config.m4
index 8c27dba49ea2d6425a24ea8b1f356b3d7a5486df..a9e3fb5678c62be0be95a325282cdf9b0efd9ee8 100644 (file)
--- a/source4/libads/config.m4
+++ b/source4/libads/config.m4
@@ -86,494 +86,4 @@ if test x"$with_ldap_support" != x"no"; then
   LIBS=$ac_save_LIBS
 fi
 
-#################################################
-# KRB5 support
-KRB5_CFLAGS=""
-KRB5_CPPFLAGS=""
-KRB5_LDFLAGS=""
-KRB5_LIBS=""
-with_krb5_support=auto
-krb5_withval=auto
-AC_MSG_CHECKING([for KRB5 support])
-
-# Do no harm to the values of CFLAGS and LIBS while testing for
-# Kerberos support.
-AC_ARG_WITH(krb5,
-[  --with-krb5=base-dir    Locate Kerberos 5 support (default=auto)],
-       [ case "$withval" in
-               no)
-                       with_krb5_support=no
-                       AC_MSG_RESULT(no)
-                       krb5_withval=no
-                       ;;
-               yes)
-                       with_krb5_support=yes
-                       AC_MSG_RESULT(yes)
-                       krb5_withval=yes
-                       ;;
-               auto)
-                       with_krb5_support=auto
-                       AC_MSG_RESULT(auto)
-                       krb5_withval=auto
-                       ;;
-               *)
-                       with_krb5_support=yes
-                       AC_MSG_RESULT(yes)
-                       krb5_withval=$withval
-                       KRB5CONFIG="$krb5_withval/bin/krb5-config"
-                       ;;
-       esac ],
-       AC_MSG_RESULT($with_krb5_support)
-)
-
-if test x$with_krb5_support != x"no"; then
-       FOUND_KRB5=no
-       FOUND_KRB5_VIA_CONFIG=no
-
-       #################################################
-       # check for krb5-config from recent MIT and Heimdal kerberos 5
-       AC_MSG_CHECKING(for working specified location for krb5-config)
-       if test x$KRB5CONFIG != "x"; then
-               if test -x "$KRB5CONFIG"; then
-                       ac_save_CFLAGS=$CFLAGS
-                       CFLAGS="";export CFLAGS
-                       ac_save_LDFLAGS=$LDFLAGS
-                       LDFLAGS="";export LDFLAGS
-                       KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
-                       KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 
-                       KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
-                       CFLAGS=$ac_save_CFLAGS;export CFLAGS
-                       LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
-                       FOUND_KRB5=yes
-                       FOUND_KRB5_VIA_CONFIG=yes
-                       AC_MSG_RESULT(yes. Found $KRB5CONFIG)
-               else 
-                       AC_MSG_RESULT(no. Fallback to specified directory)
-               fi
-       else
-               AC_MSG_RESULT(no. Fallback to finding krb5-config in path)
-               #################################################
-               # check for krb5-config from recent MIT and Heimdal kerberos 5
-               AC_PATH_PROG(KRB5CONFIG, krb5-config)
-               AC_MSG_CHECKING(for working krb5-config in path)
-               if test -x "$KRB5CONFIG"; then
-                       ac_save_CFLAGS=$CFLAGS
-                       CFLAGS="";export CFLAGS
-                       ac_save_LDFLAGS=$LDFLAGS
-                       LDFLAGS="";export LDFLAGS
-                       KRB5_LIBS="`$KRB5CONFIG --libs gssapi`"
-                       KRB5_CFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`" 
-                       KRB5_CPPFLAGS="`$KRB5CONFIG --cflags | sed s/@INCLUDE_des@//`"
-                       CFLAGS=$ac_save_CFLAGS;export CFLAGS
-                       LDFLAGS=$ac_save_LDFLAGS;export LDFLAGS
-                       FOUND_KRB5=yes
-                       FOUND_KRB5_VIA_CONFIG=yes
-                       AC_MSG_RESULT(yes. Found $KRB5CONFIG)
-               else
-                       AC_MSG_RESULT(no. Fallback to previous krb5 detection strategy)
-               fi
-       fi
-  
-       if test x$FOUND_KRB5 != x"yes"; then
-               #################################################
-               # check for location of Kerberos 5 install
-               AC_MSG_CHECKING(for kerberos 5 install path)
-               case "$krb5_withval" in
-                       no)
-                               AC_MSG_RESULT(no krb5-path given)
-                               ;;
-                       yes)
-                               AC_MSG_RESULT(/usr)
-                               FOUND_KRB5=yes
-                               ;;
-                       *)
-                               AC_MSG_RESULT($krb5_withval)
-                               KRB5_CFLAGS="-I$krb5_withval/include"
-                               KRB5_CPPFLAGS="-I$krb5_withval/include"
-                               KRB5_LDFLAGS="-L$krb5_withval/lib"
-                               FOUND_KRB5=yes
-                               ;;
-               esac
-       fi
-
-       if test x$FOUND_KRB5 != x"yes"; then
-               #################################################
-               # see if this box has the SuSE location for the heimdal krb implementation
-               AC_MSG_CHECKING(for /usr/include/heimdal)
-               if test -d /usr/include/heimdal; then
-                       if test -f /usr/lib/heimdal/lib/libkrb5.a; then
-                               KRB5_CFLAGS="-I/usr/include/heimdal"
-                               KRB5_CPPFLAGS="-I/usr/include/heimdal"
-                               KRB5_LDFLAGS="-L/usr/lib/heimdal/lib"
-                               AC_MSG_RESULT(yes)
-                       else
-                               KRB5_CFLAGS="-I/usr/include/heimdal"
-                               KRB5_CPPFLAGS="-I/usr/include/heimdal"
-                               AC_MSG_RESULT(yes)
-                       fi
-               else
-                       AC_MSG_RESULT(no)
-               fi
-       fi
-
-       if test x$FOUND_KRB5 != x"yes"; then
-               #################################################
-               # see if this box has the RedHat location for kerberos
-               AC_MSG_CHECKING(for /usr/kerberos)
-               if test -d /usr/kerberos -a -f /usr/kerberos/lib/libkrb5.a; then
-                       KRB5_LDFLAGS="-L/usr/kerberos/lib"
-                       KRB5_CFLAGS="-I/usr/kerberos/include"
-                       KRB5_CPPFLAGS="-I/usr/kerberos/include"
-                       AC_MSG_RESULT(yes)
-               else
-                       AC_MSG_RESULT(no)
-               fi
-       fi
-
-       ac_save_CFLAGS=$CFLAGS
-       ac_save_CPPFLAGS=$CPPFLAGS
-       ac_save_LDFLAGS=$LDFLAGS
-
-       #MIT needs this, to let us see 'internal' parts of the headers we use
-       KRB5_CFLAGS="${KRB5_CFLAGS} -DKRB5_PRIVATE -DKRB5_DEPRECATED"
-
-       #Heimdal needs this
-       #TODO: we need to parse KRB5_LIBS for -L path
-       #      and set -Wl,-rpath -Wl,path
-
-       CFLAGS="$CFLAGS $KRB5_CFLAGS"
-       CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
-       LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
-
-       KRB5_LIBS="$KRB5_LDFLAGS $KRB5_LIBS"
-
-       # now check for krb5.h. Some systems have the libraries without the headers!
-       # note that this check is done here to allow for different kerberos
-       # include paths
-       AC_CHECK_HEADERS(krb5.h)
-
-       if test x"$ac_cv_header_krb5_h" = x"no"; then
-               # Give a warning if KRB5 support was not explicitly requested,
-               # i.e with_krb5_support = auto, otherwise die with an error.
-               if test x"$with_krb5_support" = x"yes"; then
-                       AC_MSG_ERROR([KRB5 cannot be supported without krb5.h])
-               else
-                       AC_MSG_WARN([KRB5 cannot be supported without krb5.h])
-               fi
-               # Turn off AD support and restore CFLAGS and LIBS variables
-               with_krb5_support="no"
-       fi
-
-       CFLAGS=$ac_save_CFLAGS
-       CPPFLAGS=$ac_save_CPPFLAGS
-       LDFLAGS=$ac_save_LDFLAGS
-fi
-
-# Now we have determined whether we really want KRB5 support
-
-if test x"$with_krb5_support" != x"no"; then
-       ac_save_CFLAGS=$CFLAGS
-       ac_save_CPPFLAGS=$CPPFLAGS
-       ac_save_LDFLAGS=$LDFLAGS
-       ac_save_LIBS=$LIBS
-
-       CFLAGS="$CFLAGS $KRB5_CFLAGS"
-       CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
-       LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
-
-       # now check for gssapi headers.  This is also done here to allow for
-       # different kerberos include paths
-       AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
-
-       ##################################################################
-       # we might need the k5crypto and com_err libraries on some systems
-       AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
-       AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
-
-       # Heimdal checks.
-       # But only if we didn't have a krb5-config to tell us this already
-       if test x"$FOUND_KRB5_VIA_CONFIG" != x"yes"; then
-               AC_CHECK_LIB_EXT(crypto, KRB5_LIBS, des_set_key)
-               AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator)
-               AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec)
-       fi
-
-       # Heimdal checks. On static Heimdal gssapi must be linked before krb5.
-       AC_CHECK_LIB_EXT(gssapi, KRB5_LIBS, gss_display_status,[],[],
-                               AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
-
-       ########################################################
-       # now see if we can find the krb5 libs in standard paths
-       # or as specified above
-       AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_mk_req_extended)
-       AC_CHECK_LIB_EXT(krb5, KRB5_LIBS, krb5_kt_compare)
-
-       ########################################################
-       # now see if we can find the gssapi libs in standard paths
-       if test x"$ac_cv_lib_ext_gssapi_gss_display_status" != x"yes"; then
-          AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS,gss_display_status,[],[],
-               AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available]))
-        fi
-
-       AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_set_default_tgs_ktypes, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_principal2salt, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_use_enctype, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_string_to_key, $KRB5_LIBS) 
-       AC_CHECK_FUNC_EXT(krb5_get_pw_salt, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS) 
-       AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS) 
-       AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS) 
-       AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS) 
-       AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_krbhst_get_addrinfo, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_c_enctype_compare, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS)
-       AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS)
-
-       LIBS="$LIBS $KRB5_LIBS"
-  
-       AC_CACHE_CHECK([for krb5_encrypt_block type],
-                samba_cv_HAVE_KRB5_ENCRYPT_BLOCK,[
-       AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_encrypt_block block;],
-               samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=yes,
-               samba_cv_HAVE_KRB5_ENCRYPT_BLOCK=no)])
-
-       if test x"$samba_cv_HAVE_KRB5_ENCRYPT_BLOCK" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_ENCRYPT_BLOCK,1,
-               [Whether the type krb5_encrypt_block exists])
-       fi
-
-       AC_CACHE_CHECK([for addrtype in krb5_address],
-               samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],
-               samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=yes,
-               samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS=no)])
-       if test x"$samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS" = x"yes"; then
-               AC_DEFINE(HAVE_ADDRTYPE_IN_KRB5_ADDRESS,1,
-               [Whether the krb5_address struct has a addrtype property])
-       fi
-
-       AC_CACHE_CHECK([for addr_type in krb5_address],
-               samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_address kaddr; kaddr.addr_type = KRB5_ADDRESS_INET;],
-               samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=yes,
-               samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS=no)])
-       if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
-               AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,
-               [Whether the krb5_address struct has a addr_type property])
-       fi
-
-       AC_CACHE_CHECK([for enc_part2 in krb5_ticket], 
-               samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
-               samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,
-               samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
-       if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,
-               [Whether the krb5_ticket struct has a enc_part2 property])
-       fi
-
-       AC_CACHE_CHECK([for keyblock in krb5_creds],
-                 samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS,[
-       AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_creds creds; krb5_keyblock kb; creds.keyblock = kb;],
-               samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=yes,
-               samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS=no)])
-
-       if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_IN_CREDS" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_KEYBLOCK_IN_CREDS,1,
-               [Whether the krb5_creds struct has a keyblock property])
-       fi
-
-       AC_CACHE_CHECK([for session in krb5_creds],
-                 samba_cv_HAVE_KRB5_SESSION_IN_CREDS,[
-       AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_creds creds; krb5_keyblock kb; creds.session = kb;],
-               samba_cv_HAVE_KRB5_SESSION_IN_CREDS=yes,
-               samba_cv_HAVE_KRB5_SESSION_IN_CREDS=no)])
-
-       if test x"$samba_cv_HAVE_KRB5_SESSION_IN_CREDS" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_SESSION_IN_CREDS,1,
-               [Whether the krb5_creds struct has a session property])
-       fi
-
-       AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
-               samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_keyblock key; key.keyvalue.data = NULL;],
-               samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=yes,
-               samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE=no)])
-       if test x"$samba_cv_HAVE_KRB5_KEYBLOCK_KEYVALUE" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
-               [Whether the krb5_keyblock struct has a keyvalue property])
-       fi
-
-       AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
-               samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC_MD5;],
-               samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=yes,
-               samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5=no)])
-       AC_CACHE_CHECK([for KEYTYPE_ARCFOUR_56],
-                 samba_cv_HAVE_KEYTYPE_ARCFOUR_56,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_keytype keytype; keytype = KEYTYPE_ARCFOUR_56;],
-               samba_cv_HAVE_KEYTYPE_ARCFOUR_56=yes,
-               samba_cv_HAVE_KEYTYPE_ARCFOUR_56=no)])
-       # Heimdals with KEYTYPE_ARCFOUR but not KEYTYPE_ARCFOUR_56 are broken
-       # w.r.t. arcfour and windows, so we must not enable it here
-       if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\
-          x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then
-               AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
-               [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
-       fi
-
-       AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
-               samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_flags ap_options; ap_options = AP_OPTS_USE_SUBKEY;],
-               samba_cv_HAVE_AP_OPTS_USE_SUBKEY=yes,
-               samba_cv_HAVE_AP_OPTS_USE_SUBKEY=no)])
-       if test x"$samba_cv_HAVE_AP_OPTS_USE_SUBKEY" = x"yes"; then
-               AC_DEFINE(HAVE_AP_OPTS_USE_SUBKEY,1,
-               [Whether the AP_OPTS_USE_SUBKEY ap option is available])
-       fi
-
-       AC_CACHE_CHECK([for KV5M_KEYTAB],
-               samba_cv_HAVE_KV5M_KEYTAB,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_keytab_entry entry; entry.magic = KV5M_KEYTAB;],
-               samba_cv_HAVE_KV5M_KEYTAB=yes,
-               samba_cv_HAVE_KV5M_KEYTAB=no)])
-       if test x"$samba_cv_HAVE_KV5M_KEYTAB" = x"yes"; then
-               AC_DEFINE(HAVE_KV5M_KEYTAB,1,
-               [Whether the KV5M_KEYTAB option is available])
-       fi
-
-       AC_CACHE_CHECK([for the krb5_princ_component macro],
-               samba_cv_HAVE_KRB5_PRINC_COMPONENT,[
-               AC_TRY_LINK([#include <krb5.h>],
-               [const krb5_data *pkdata; krb5_context context; krb5_principal principal; 
-                       pkdata = krb5_princ_component(context, principal, 0);],
-               samba_cv_HAVE_KRB5_PRINC_COMPONENT=yes,
-               samba_cv_HAVE_KRB5_PRINC_COMPONENT=no)])
-       if test x"$samba_cv_HAVE_KRB5_PRINC_COMPONENT" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_PRINC_COMPONENT,1,
-               [Whether krb5_princ_component is available])
-       fi
-
-       AC_CACHE_CHECK([for key in krb5_keytab_entry],
-               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_keytab_entry entry; krb5_keyblock e; entry.key = e;],
-               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=yes,
-               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY=no)])
-       if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEY" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEY,1,
-               [Whether krb5_keytab_entry has key member])
-       fi
-
-       AC_CACHE_CHECK([for keyblock in krb5_keytab_entry],
-               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_keytab_entry entry; entry.keyblock.keytype = 0;],
-               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=yes,
-               samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK=no)])
-       if test x"$samba_cv_HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK,1,
-               [Whether krb5_keytab_entry has keyblock member])
-       fi
-
-       AC_CACHE_CHECK([for WRFILE: keytab support],
-                samba_cv_HAVE_WRFILE_KEYTAB,[
-               AC_TRY_RUN([
-               #include<krb5.h>
-               main()
-               {
-                       krb5_context context;
-                       krb5_keytab keytab;
-                       krb5_init_context(&context);
-                       return krb5_kt_resolve(context, "WRFILE:api", &keytab);
-               }],
-               samba_cv_HAVE_WRFILE_KEYTAB=yes,
-               samba_cv_HAVE_WRFILE_KEYTAB=no)])
-       if test x"$samba_cv_HAVE_WRFILE_KEYTAB" = x"yes"; then
-               AC_DEFINE(HAVE_WRFILE_KEYTAB,1,
-               [Whether the WRFILE:-keytab is supported])
-       fi
-
-       AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data],
-               samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[
-               AC_TRY_COMPILE([#include <krb5.h>],
-               [krb5_context context;krb5_principal principal;krb5_realm realm;
-                       realm = *krb5_princ_realm(context, principal);],
-               samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=yes,
-               samba_cv_KRB5_PRINC_REALM_RETURNS_REALM=no)])
-       if test x"$samba_cv_KRB5_PRINC_REALM_RETURNS_REALM" = x"yes"; then
-               AC_DEFINE(KRB5_PRINC_REALM_RETURNS_REALM,1,
-               [Whether krb5_princ_realm returns krb5_realm or krb5_data])
-       fi
-
-       # TODO: check all gssapi headers for this
-       AC_CACHE_CHECK([for GSS_C_DCE_STYLE in gssapi.h],
-               samba_cv_GSS_C_DCE_STYLE,[
-               AC_TRY_COMPILE([#include <gssapi.h>],
-               [int flags = GSS_C_DCE_STYLE;],
-               samba_cv_GSS_C_DCE_STYLE=yes,
-               samba_cv_GSS_C_DCE_STYLE=no)])
-
-       if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then
-               AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])
-               AC_MSG_CHECKING(whether KRB5 support is used)
-               SMB_EXT_LIB_ENABLE(KRB5,YES)
-               AC_MSG_RESULT(yes)
-               echo "KRB5_CFLAGS:   ${KRB5_CFLAGS}"
-               echo "KRB5_CPPFLAGS: ${KRB5_CPPFLAGS}"
-               echo "KRB5_LDFLAGS:  ${KRB5_LDFLAGS}"
-               echo "KRB5_LIBS:     ${KRB5_LIBS}"
-       else
-               if test x"$with_krb5_support" = x"yes"; then
-                       AC_MSG_ERROR(a working krb5 library is needed for KRB5 support)
-               else
-                       AC_MSG_WARN(a working krb5 library is needed for KRB5 support)
-               fi
-               KRB5_CFLAGS=""
-               KRB5_CPPFLAGS=""
-               KRB5_LDFLAGS=""
-               KRB5_LIBS=""
-               with_krb5_support=no 
-       fi
-
-       CFLAGS=$ac_save_CFLAGS
-       CPPFLAGS=$ac_save_CPPFLAGS
-       LDFLAGS=$ac_save_LDFLAGS
-       LIBS="$ac_save_LIBS"
-
-       # as a nasty hack add the krb5 stuff to the global vars,
-       # at some point this should not be needed anymore when the build system
-       # can handle that alone
-       CFLAGS="$CFLAGS $KRB5_CFLAGS"
-       CPPFLAGS="$CPPFLAGS $KRB5_CPPFLAGS"
-       LDFLAGS="$LDFLAGS $KRB5_LDFLAGS"
-fi
-
 SMB_EXT_LIB(LDAP,[${LDAP_LIBS}],[${LDAP_CFLAGS}],[${LDAP_CPPFLAGS}],[${LDAP_LDFLAGS}])
-SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])
My public samba repository