hi luke, i have tried your patch with heimdal-0.5 and heimdal-0.4e and added some rough configure.in checks so that you can now choose your kerberos implementation:
--with-krb5impl={heimdal,mit} Choose Kerberos 5 implementation
(default=mit)
--with-krb5libs=DIR Locate Kerberos 5 libs (default=/usr)
--with-krb5includes=DIR Locate Kerberos 5 includes (default=/usr/)
if you have chosen heimdal and configure finds your libs/includes,
HAVE_HEIMDAL is going to be set.
i also had to add $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) on several occasions
in the Makefile to link the missing krb5_set_real_time-function
(i think this should not be the long-term solution.)
everything compiles fine now (with heimdal-0.5, because 0.4e does not have
AP_OPTS_USE_SUBKEY), net ads and smbclient do work *correctly* towards
win2k advanced server, but smbd and winbindd do *not* correctly retrieve
their ticket in ads-mode. while smbd fails with:
libads/kerberos_verify.c:ads_verify_ticket(192)
krb5_rd_req with auth failed (Unknown error -1765328203)
winbind immediately panics.
i suspect that heimdal cannot correctly handle the des-cbc-md5-enctype
that ads uses when the machine is joined to the domain, but i am really
not a kerberos expert...
it would be great to finally have samba3 working with heimdal.
thanks a lot,
guenther
On Wed, Oct 09, 2002 at 05:56:17PM +1000, Luke Howard wrote:
> We're using a custom version of Heimdal, so I may have left out
> a few things that prevent it from building on a normal system.
> Please let me know if I have and I'll fix the patch. It is also
> untested right now, so you may wish to wait until I've had time
> to test it before applying it. :-)
>
> There is no auto-detection; you must configure with -DHEIMDAL.
> You may also need to comment out the /usr/kerberos check in
> configure.in if building on a RedHat system.
>
> regards,
>
> -- Luke
--
Guenther Deschner [EMAIL PROTECTED]
SuSE Linux AG GnuPG: 8EE11688
Berliner Str. 27 phone: +49 (0) 30 / 430944778
D-13507 Berlin fax: +49 (0) 30 / 43732804
--- source/include/includes.h 18 Sep 2002 19:06:58 -0000 1.280
+++ source/include/includes.h 9 Oct 2002 07:51:53 -0000
@@ -397,6 +397,9 @@
#endif
#if HAVE_KRB5_H
+#ifdef HAVE_HEIMDAL
+#define __MD5_H__
+#endif
#include <krb5.h>
#else
#undef HAVE_KRB5
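Review bot: The added `#define __MD5_H__` has no comment saying which header's include guard it pre-empts or why, and it claims an identifier in the implementation-reserved namespace. Presumably it stops a Heimdal-installed md5.h from clashing with Samba's own MD5 declarations, but that is not visible in this hunk and should be confirmed. I would add a comment directly above the define, for example `/* Heimdal's krb5.h pulls in its own md5.h; pre-define that header's guard so it does not collide with Samba's MD5 code */`, once the reason is verified.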
@@ -410,6 +413,12 @@
#include <ldap.h>
#else
#undef HAVE_LDAP
+#endif
+
+#if HAVE_GSSAPI_H
+#include <gssapi.h>
+#else
+#undef HAVE_KRB5
#endif
#if HAVE_GSSAPI_GSSAPI_H
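Review bot: The new `#else` / `#undef HAVE_KRB5` branch turns Kerberos support off whenever a top-level `<gssapi.h>` is missing, even though the very next block tests `HAVE_GSSAPI_GSSAPI_H` for installs that only ship `<gssapi/gssapi.h>`. On such a system the build would silently lose all `#ifdef HAVE_KRB5` code instead of failing or falling through to the second header check. Dropping the `#else` arm, so the block is just `#if HAVE_GSSAPI_H` / `#include <gssapi.h>` / `#endif`, keeps the Heimdal include without affecting other layouts. What the following block does in its own `#else` lies outside this hunk.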
--- source/libads/kerberos_verify.c 4 Oct 2002 07:41:56 -0000 1.3
+++ source/libads/kerberos_verify.c 9 Oct 2002 07:51:54 -0000
@@ -24,6 +24,27 @@
#ifdef HAVE_KRB5
+#if defined(HAVE_HEIMDAL) && !defined(XAD)
+/*
+ * This function is not in the Heimdal mainline.
+ */
+krb5_error_code krb5_set_real_time(krb5_context context,
+ int32_t seconds, int32_t microseconds)
+{
+ krb5_error_code ret;
+ int32_t sec, usec;
+
+ ret = krb5_us_timeofday(context, &sec, &usec);
+ if (ret)
+ return ret;
+
+ context->kdc_sec_offset = seconds - sec;
+ context->kdc_usec_offset = microseconds - usec;
+
+ return 0;
+}
+#endif /* HAVE_HEIMDAL && !XAD */
+
/*
verify an incoming ticket and parse out the principal name and
authorization_data if available
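Review bot: krb5_set_real_time is defined here with external linkage under a libkrb5 name and writes `context->kdc_sec_offset` and `context->kdc_usec_offset` directly, so it depends on Heimdal's private context layout and will collide at link time with any Heimdal build that does provide the function. The guard `HAVE_HEIMDAL && !XAD` tests the implementation rather than the missing symbol; a function check in configure.in such as `AC_CHECK_FUNCS(krb5_set_real_time)` with `#ifndef HAVE_KRB5_SET_REAL_TIME` here would be more accurate. The comment should also state that these offsets shift the clock used for ticket time validation, because the values are stored without any range check.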
@@ -36,10 +57,14 @@
krb5_keytab keytab = NULL;
krb5_data packet;
krb5_ticket *tkt = NULL;
+#ifdef HAVE_HEIMDAL
+ krb5_salt salt;
+#else
krb5_data salt;
krb5_encrypt_block eblock;
+#endif /* HAVE_HEIMDAL */
int ret, i;
- krb5_keyblock * key;
+ krb5_keyblock *key;
krb5_principal host_princ;
char *host_princ_s;
extern pstring global_myname;
@@ -48,6 +73,9 @@
krb5_data password;
krb5_enctype *enctypes = NULL;
+#ifdef XAD
+ /* We would rather use the keytab. */
+#else
if (!secrets_init()) {
DEBUG(1,("secrets_init failed\n"));
return NT_STATUS_LOGON_FAILURE;
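Review bot: `XAD` is not defined or documented by any configure or header change in this patch, yet defining it compiles out secrets_init() and, together with the `#endif /* XAD */` in the next hunk (@@ -61,6 +89,7 @@), the machine-password lookup. The declarations shown earlier leave `keytab` initialised to NULL and nothing visible opens one, so with XAD set ticket verification would rely on whatever krb5_rd_req does with a NULL keytab. The one-line comment `/* We would rather use the keytab. */` should be expanded to say who defines XAD and which keytab is expected to hold the service key. The enclosing function starts and ends outside this hunk.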
@@ -61,6 +89,7 @@
password.data = password_s;
password.length = strlen(password_s);
+#endif /* XAD */
ret = krb5_init_context(&context);
if (ret) {
@@ -92,39 +121,68 @@
return NT_STATUS_LOGON_FAILURE;
}
+#ifdef HAVE_HEIMDAL
+ ret = krb5_get_pw_salt(context, host_princ, &salt);
+ if (ret) {
+ DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+#else
ret = krb5_principal2salt(context, host_princ, &salt);
if (ret) {
DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
+#endif /* HAVE_HEIMDAL */
if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
return NT_STATUS_NO_MEMORY;
}
-
+
+#ifdef HAVE_HEIMDAL
+ if ((ret = krb5_get_default_in_tkt_etypes(context, &enctypes))) {
+ DEBUG(1,("krb5_get_default_in_tkt_etypes failed (%s)\n",
+ error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+#else
if ((ret = krb5_get_permitted_enctypes(context, &enctypes))) {
DEBUG(1,("krb5_get_permitted_enctypes failed (%s)\n",
error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
+#endif /* HAVE_HEIMDAL */
/* we need to setup a auth context with each possible encoding type in turn */
for (i=0;enctypes[i];i++) {
+#ifndef XAD
+#ifdef HAVE_HEIMDAL
+ ret = krb5_string_to_key_salt(context, enctypes[i], password_s, salt,
+key);
+ if (ret) {
+ DEBUG(1,("krb5_string_to_key failed (%s)\n",
+error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ krb5_auth_con_setkey(context, auth_context, key);
+#else
krb5_use_enctype(context, &eblock, enctypes[i]);
-
ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
if (ret) {
continue;
}
krb5_auth_con_setuseruserkey(context, auth_context, key);
-
+#endif /* HAVE_HEIMDAL */
+#endif /* XAD */
packet.length = ticket->length;
packet.data = (krb5_pointer)ticket->data;
if (!(ret = krb5_rd_req(context, &auth_context, &packet,
NULL, keytab, NULL, &tkt))) {
+#ifdef HAVE_HEIMDAL
+ free(enctypes);
+#else
krb5_free_ktypes(context, enctypes);
+#endif /* HAVE_HEIMDAL */
break;
}
}
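Review bot: In the Heimdal branch of the enctype loop, a failure of krb5_string_to_key_salt returns NT_STATUS_LOGON_FAILURE immediately, while the MIT branch uses `continue` and tries the next enctype; one unsupported enctype in the list therefore rejects every ticket, and the Heimdal arm should also be `if (ret) { continue; }`. Each pass also derives the machine-account key into `key` again without releasing the previous contents, and no path in the hunk frees it, so a `krb5_free_keyblock_contents(context, key);` after each krb5_rd_req attempt would avoid leaving copies of the key on the heap. The early returns added here also skip freeing `key`, `salt` and `enctypes`. The DEBUG text says `krb5_string_to_key failed` although the call is krb5_string_to_key_salt. The function body continues outside the hunk.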
@@ -135,16 +193,25 @@
return NT_STATUS_LOGON_FAILURE;
}
+#ifdef HAVE_HEIMDAL
+ if (tkt->ticket.authorization_data && tkt->ticket.authorization_data->len) {
+ *auth_data =
+data_blob(tkt->ticket.authorization_data->val->ad_data.data,
+
+tkt->ticket.authorization_data->val->ad_data.length);
+ }
+ if ((ret = krb5_unparse_name(context, tkt->client, principal))) {
+ DEBUG(3,("krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+#else
#if 0
file_save("/tmp/ticket.dat", ticket->data, ticket->length);
#endif
-
if (tkt->enc_part2) {
*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
tkt->enc_part2->authorization_data[0]->length);
}
-
#if 0
if (tkt->enc_part2) {
file_save("/tmp/authdata.dat",
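Review bot: The Heimdal branch copies only the first authorization-data element (`authorization_data->val->ad_data`) into `*auth_data` and never inspects its `ad_type`, so whatever the ticket carries in slot 0 is handed to the caller. If callers treat this blob as the PAC, which is not visible here, they would need to validate it themselves. A comment above the assignment should say so, for example `/* only element 0 is used and its ad_type is not checked; callers must validate the blob */`. When krb5_unparse_name fails afterwards, the blob already stored in `*auth_data` is not released before the return. The function continues outside the hunk.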
@@ -158,6 +225,7 @@
error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
+#endif /* HAVE_HEIMDAL */
return NT_STATUS_OK;
}
--- source/libads/krb5_setpw.c 28 Sep 2002 14:42:32 -0000 1.9
+++ source/libads/krb5_setpw.c 9 Oct 2002 07:51:54 -0000
@@ -172,10 +172,10 @@
p = packet->data;
- if (packet->data[0] == 0x7e || packet->data[0] == 0x5e) {
+ if (((char *)packet->data)[0] == 0x7e || ((char *)packet->data)[0] == 0x5e) {
/* it's an error packet. We should parse it ... */
DEBUG(1,("Got error packet 0x%x from kpasswd server\n",
- packet->data[0]));
+ ((char *)packet->data)[0]));
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -196,7 +196,7 @@
ap_rep.length = RSVAL(p, 0); p += 2;
- if (p + ap_rep.length >= packet->data + packet->length) {
+ if (p + ap_rep.length >= (char *)packet->data + packet->length) {
DEBUG(1,("ptr beyond end of packet from kpasswd server\n"));
return KRB5KRB_AP_ERR_MODIFIED;
}
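Review bot: The bounds check kept on the new line, `p + ap_rep.length >= (char *)packet->data + packet->length`, adds a length read from the kpasswd reply to a pointer before comparing, so an oversized value forms an out-of-range pointer instead of being rejected on the length itself. Comparing against the bytes remaining avoids that: `if (ap_rep.length >= packet->length - (p - (char *)packet->data)) {`, assuming earlier code (outside this hunk) guarantees `p` is still inside the packet. The same `(char *)packet->data` cast is repeated in the hunks at @@ -172,10 and @@ -219,7; a single local such as `char *base = (char *)packet->data;` would keep the three sites consistent.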
@@ -219,7 +219,7 @@
krb5_free_ap_rep_enc_part(context, ap_rep_enc);
cipherresult.data = p;
- cipherresult.length = (packet->data + packet->length) - p;
+ cipherresult.length = ((char*)packet->data + packet->length) - p;
ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
&replay);
@@ -352,13 +352,21 @@
getpeername(sock, &remote_addr, &addr_len);
addr_len = sizeof(local_addr);
getsockname(sock, &local_addr, &addr_len);
-
- remote_kaddr.addrtype = ADDRTYPE_INET;
- remote_kaddr.length = sizeof(((struct sockaddr_in *)&remote_addr)->sin_addr);
- remote_kaddr.contents = (char *)&(((struct sockaddr_in
*)&remote_addr)->sin_addr);
- local_kaddr.addrtype = ADDRTYPE_INET;
- local_kaddr.length = sizeof(((struct sockaddr_in *)&local_addr)->sin_addr);
- local_kaddr.contents = (char *)&(((struct sockaddr_in
*)&local_addr)->sin_addr);
+
+#ifdef HAVE_HEIMDAL
+ remote_kaddr.addr_type = KRB5_ADDRESS_INET;
+#else
+ remote_kaddr.addr_type = ADDRTYPE_INET;
+#endif
+ remote_kaddr.address.length = sizeof(((struct sockaddr_in
+*)&remote_addr)->sin_addr);
+ remote_kaddr.address.data = (char *)&(((struct sockaddr_in
+*)&remote_addr)->sin_addr);
+#ifdef HAVE_HEIMDAL
+ local_kaddr.addr_type = KRB5_ADDRESS_INET;
+#else
+ local_kaddr.addr_type = ADDRTYPE_INET;
+#endif
+ local_kaddr.address.length = sizeof(((struct sockaddr_in
+*)&local_addr)->sin_addr);
+ local_kaddr.address.data = (char *)&(((struct sockaddr_in
+*)&local_addr)->sin_addr);
ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL);
if (ret) {
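Review bot: The `#else` arms assign `remote_kaddr.addr_type` and `local_kaddr.addr_type`, and the `.address.length` / `.address.data` assignments sit outside any `#ifdef`, but the removed lines show that the MIT structure uses `addrtype`, `length` and `contents`. As written, the non-Heimdal build no longer compiles, so the default configuration is broken by this hunk. The whole assignment group needs to be conditional, with the original MIT field names kept in the `#else` branch, as sketched below. The enclosing function starts and ends outside the hunk.

```c
#ifdef HAVE_HEIMDAL
	remote_kaddr.addr_type = KRB5_ADDRESS_INET;
	remote_kaddr.address.length = sizeof(((struct sockaddr_in *)&remote_addr)->sin_addr);
	remote_kaddr.address.data = (char *)&(((struct sockaddr_in *)&remote_addr)->sin_addr);

	local_kaddr.addr_type = KRB5_ADDRESS_INET;
	local_kaddr.address.length = sizeof(((struct sockaddr_in *)&local_addr)->sin_addr);
	local_kaddr.address.data = (char *)&(((struct sockaddr_in *)&local_addr)->sin_addr);
#else
	remote_kaddr.addrtype = ADDRTYPE_INET;
	remote_kaddr.length = sizeof(((struct sockaddr_in *)&remote_addr)->sin_addr);
	remote_kaddr.contents = (char *)&(((struct sockaddr_in *)&remote_addr)->sin_addr);

	local_kaddr.addrtype = ADDRTYPE_INET;
	local_kaddr.length = sizeof(((struct sockaddr_in *)&local_addr)->sin_addr);
	local_kaddr.contents = (char *)&(((struct sockaddr_in *)&local_addr)->sin_addr);
#endif
	/* … unchanged: krb5_auth_con_setaddrs call … */
```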
--- source/libads/sasl.c 28 Sep 2002 14:42:32 -0000 1.10
+++ source/libads/sasl.c 9 Oct 2002 07:51:54 -0000
@@ -243,7 +243,11 @@
servers realm, regardless of our realm */
asprintf(&sname, "ldap/%s@%s", ads->config.ldap_server_name,
ads->config.realm);
krb5_init_context(&ctx);
+#ifdef HAVE_HEIMDAL
+ krb5_set_default_in_tkt_etypes(ctx, enc_types);
+#else
krb5_set_default_tgs_ktypes(ctx, enc_types);
+#endif
krb5_parse_name(ctx, sname, &principal);
free(sname);
krb5_free_context(ctx);
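Review bot: The result of the added `krb5_set_default_in_tkt_etypes(ctx, enc_types)` call is discarded, so if the enctype restriction cannot be applied the code carries on with the library defaults and nothing is logged. Capturing the result and emitting a DEBUG line on failure, as clikrb5.c does for the same call, would make that visible. The Heimdal call is named for initial-ticket enctypes while the MIT one it replaces is named for TGS requests, so it is worth confirming and commenting that the two really restrict the same exchange. The surrounding function lies outside the hunk.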
--- source/libsmb/clikrb5.c 18 Sep 2002 01:40:13 -0000 1.19
+++ source/libsmb/clikrb5.c 9 Oct 2002 07:51:54 -0000
@@ -126,11 +126,19 @@
goto failed;
}
+#ifdef HAVE_HEIMDAL
+ if ((retval = krb5_set_default_in_tkt_etypes(context, enc_types))) {
+ DEBUG(1,("krb5_set_default_tgs_ktypes failed (%s)\n",
+ error_message(retval)));
+ goto failed;
+ }
+#else
if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
DEBUG(1,("krb5_set_default_tgs_ktypes failed (%s)\n",
error_message(retval)));
goto failed;
}
+#endif
if ((retval = krb5_mk_req2(context,
&auth_context,
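Review bot: The DEBUG message in the new Heimdal branch still reads `krb5_set_default_tgs_ktypes failed` although the call that failed is krb5_set_default_in_tkt_etypes, which will send anyone reading the log to the wrong function. The string should be changed to `"krb5_set_default_in_tkt_etypes failed (%s)\n"`. The enclosing function starts and ends outside this hunk.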
--- source/utils/net_lookup.c 5 Aug 2002 02:47:46 -0000 1.6
+++ source/utils/net_lookup.c 9 Oct 2002 07:51:54 -0000
@@ -175,6 +175,10 @@
int num_kdcs,i;
krb5_data realm;
char **realms;
+#ifdef HAVE_HEIMDAL
+ krb5_krbhst_handle handle;
+ krb5_krbhst_info *hinfo;
+#endif /* HAVE_HEIMDAL */
rc = krb5_init_context(&ctx);
if (rc) {
@@ -200,6 +204,20 @@
realm.length = strlen(realm.data);
}
+#ifdef HAVE_HEIMDAL
+ rc = krb5_krbhst_init(ctx, realm.data, KRB5_KRBHST_KDC, &handle);
+ if (rc) {
+ DEBUG(1, ("krb5_krbhst_init failed (%s)\n", error_message(rc)));
+ return -1;
+ }
+ while ((rc = krb5_krbhst_next(ctx, handle, &hinfo) == 0)) {
+ if (hinfo->ai->ai_family == AF_INET) {
+ struct in_addr in;
+ memcpy(&in, hinfo->ai->ai_addr, MIN(sizeof(in),
+hinfo->ai->ai_addrlen));
+ d_printf("%s:%hd\n", inet_ntoa(in), hinfo->port);
+ }
+ }
+#else
rc = krb5_locate_kdc(ctx, &realm, &addrs, &num_kdcs, 0);
if (rc) {
DEBUG(1, ("krb5_locate_kdc failed (%s)\n", error_message(rc)));
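Review bot: The memcpy in the Heimdal loop copies from the start of `hinfo->ai->ai_addr`, which is a sockaddr, into a `struct in_addr`, so for AF_INET it picks up the family and port bytes rather than the address and the printed KDC address is wrong. The loop condition `(rc = krb5_krbhst_next(...) == 0)` stores the comparison result in `rc` instead of the error code because `==` binds tighter than `=`. The handle from krb5_krbhst_init is never released, and `hinfo->ai` is dereferenced without a NULL check even though Heimdal may not fill it in until the address is resolved (to be confirmed against the library). A rewritten loop is below; the function continues outside the hunk.

```c
	/* … unchanged: krb5_krbhst_init call and its error check … */
	while (krb5_krbhst_next(ctx, handle, &hinfo) == 0) {
		if (hinfo->ai && hinfo->ai->ai_family == AF_INET) {
			struct sockaddr_in *sin =
				(struct sockaddr_in *)hinfo->ai->ai_addr;
			d_printf("%s:%hd\n", inet_ntoa(sin->sin_addr), hinfo->port);
		}
	}
	krb5_krbhst_free(ctx, handle);
```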
@@ -209,6 +227,7 @@
if (addrs[i].sin_family == AF_INET)
d_printf("%s:%hd\n", inet_ntoa(addrs[i].sin_addr),
ntohs(addrs[i].sin_port));
+#endif /* HAVE_HEIMDAL */
return 0;
#endif
--- source/Makefile.in Wed Oct 9 23:53:40 2002
+++ source/Makefile.in Wed Oct 9 23:55:19 2002
@@ -303,7 +303,7 @@
nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o
NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
- $(PROFILE_OBJ) $(LIB_OBJ) $(SECRETS_OBJ)
+ $(PROFILE_OBJ) $(LIB_OBJ) $(SECRETS_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \
wrepld/partners.o
@@ -316,7 +316,8 @@
SWAT_OBJ = $(SWAT_OBJ1) $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \
$(PARAM_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -331,7 +332,8 @@
$(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) printing/notify.o
SMBTREE_OBJ = utils/smbtree.o $(LOCKING_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ)
+ $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
TESTPARM_OBJ = utils/testparm.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -341,13 +343,15 @@
SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(SECRETS_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \
- $(LIBSMB_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(LIBSMB_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
@@ -359,7 +363,7 @@
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
$(READLINE_OBJ) $(GROUPDB_OBJ) \
- $(LIBADS_OBJ) $(SECRETS_OBJ)
+ $(LIBADS_OBJ) $(SECRETS_OBJ) $(LIBADS_SERVER_OBJ)
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
@@ -382,7 +386,7 @@
CLIENT_OBJ1 = client/client.o client/clitar.o
CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
- $(READLINE_OBJ)
+ $(READLINE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
@@ -395,10 +399,12 @@
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
-CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
MOUNT_OBJ = client/smbmount.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
MNT_OBJ = client/smbmnt.o
@@ -406,34 +412,41 @@
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) \
- $(LIBSMB_OBJ) $(LIB_OBJ)
+ $(LIBSMB_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o
\
torture/denytest.o torture/mangle_test.o
SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) \
- $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
MASKTEST_OBJ = torture/masktest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
MSGTEST_OBJ = torture/msgtest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
LOCKTEST_OBJ = torture/locktest.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
NSSTEST_OBJ = torture/nsstest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
- $(LIBMSRPC_OBJ)
+ $(LIBMSRPC_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(SECRETS_OBJ)
TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
@@ -501,7 +514,7 @@
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
$(PROFILE_OBJ) $(UNIGRP_OBJ) \
- $(SECRETS_OBJ) $(LIBADS_OBJ)
+ $(SECRETS_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o
--- source/include/config.h.in Tue Oct 1 10:14:06 2002
+++ source/include/config.h.in Fri Oct 11 01:28:11 2002
@@ -909,6 +909,9 @@
/* Define if you have the <grp.h> header file. */
#undef HAVE_GRP_H
+/* Define if you have the <gssapi.h> header file. */
+#undef HAVE_GSSAPI_H
+
/* Define if you have the <gssapi/gssapi.h> header file. */
#undef HAVE_GSSAPI_GSSAPI_H
--- source/configure.in Sat Oct 5 11:41:39 2002
+++ source/configure.in Sat Oct 12 23:17:01 2002
@@ -1949,7 +1949,7 @@
AC_MSG_CHECKING([whether to use Active Directory])
AC_ARG_WITH(ads,
-[ --with-ads Active Directory support (default yes)],
+[ --with-ads Active Directory support (default yes)],
[ case "$withval" in
no)
with_ads_support=no
@@ -1965,30 +1965,82 @@
FOUND_KRB5=no
if test x"$with_ads_support" = x"yes"; then
- #################################################
- # check for location of Kerberos 5 install
- AC_MSG_CHECKING(for kerberos 5 install path)
- AC_ARG_WITH(krb5,
- [ --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)],
- [ case "$withval" in
- no)
- AC_MSG_RESULT(no)
- ;;
- *)
- AC_MSG_RESULT(yes)
- LIBS="$LIBS -lkrb5"
- CFLAGS="$CFLAGS -I$withval/include"
- CPPFLAGS="$CPPFLAGS -I$withval/include"
- LDFLAGS="$LDFLAGS -L$withval/lib"
- FOUND_KRB5=yes
- ;;
- esac ],
+
+#################################################
+# check for kerberos 5 implementation
+AC_MSG_CHECKING(for kerberos 5 implementation)
+AC_ARG_WITH(krb5impl,
+[ --with-krb5impl={heimdal,mit} Choose Kerberos 5 implementation (default=mit)],
+[ case "$withval" in
+ heimdal)
+ AC_DEFINE(HAVE_HEIMDAL)
+ AC_MSG_RESULT($withval)
+ #CFLAGS="-DHEIMDAL"
+ KRB5IMPL="heimdal"
+ ;;
+ mit)
+ AC_MSG_RESULT($withval)
+ KRB5IMPL="mit"
+ ;;
+ *)
+ AC_MSG_WARN(--with-krb5impl called without argument - will use default)
+ KRB5IMPL="mit"
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for location of Kerberos 5 install libs
+AC_MSG_CHECKING(for kerberos 5 libs)
+AC_ARG_WITH(krb5libs,
+[ --with-krb5libs=DIR Locate Kerberos 5 libs (default=/usr)],
+[ case "$withval" in
+ no)
AC_MSG_RESULT(no)
- )
+ ;;
+ *)
+ AC_MSG_RESULT(yes)
+ LIBS="$LIBS -lkrb5"
+ LDFLAGS="$LDFLAGS -L$withval"
+ FOUND_KRB5_LIBS=yes
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for location of Kerberos 5 install includes
+AC_MSG_CHECKING(for kerberos 5 includes)
+AC_ARG_WITH(krb5includes,
+[ --with-krb5includes=DIR Locate Kerberos 5 includes (default=/usr)],
+[ case "$withval" in
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ *)
+ AC_MSG_RESULT(yes)
+ CFLAGS="$CFLAGS -I$withval"
+ CPPFLAGS="$CPPFLAGS -I$withval"
+ FOUND_KRB5_INCLUDES=yes
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+)
-if test x$FOUND_KRB5 = x"no"; then
#################################################
+# check results
+if test x$FOUND_KRB5_LIBS = x"yes"; then
+ if test x$FOUND_KRB5_INCLUDES = x"yes"; then
+ FOUND_KRB5=yes
+ fi
+fi
+
+
+if test x$FOUND_KRB5 = x"no"; then
+if test x$KRB5IMPL = x"mit"; then
+################################################
# see if this box has the RedHat location for kerberos
AC_MSG_CHECKING(for /usr/kerberos)
if test -d /usr/kerberos; then
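Review bot: When `--with-krb5impl` is not given, the fallback branch only prints `no` and leaves `KRB5IMPL` unset, so the later `test x$KRB5IMPL = x"mit"` is false and the /usr/kerberos probe is skipped although the help text promises `default=mit`. The fallback should set the default, for example `[ KRB5IMPL="mit"; AC_MSG_RESULT(mit) ]` in place of `AC_MSG_RESULT(no)`. The `*)` arm also maps any unrecognised value (a typo such as a misspelled implementation name) to mit with only a warning, where an AC_MSG_ERROR would be safer. `FOUND_KRB5_LIBS` and `FOUND_KRB5_INCLUDES` are tested without being initialised, and giving `--with-krb5libs` with no directory would add `-Lyes` because `$withval` is then `yes`. The removed `--with-krb5=base-dir` option will be ignored for existing users without any message.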
@@ -2000,6 +2052,7 @@
AC_MSG_RESULT(no)
fi
fi
+fi
# now check for krb5.h. Some systems have the libraries without the headers!
@@ -2008,8 +2061,8 @@
AC_CHECK_HEADERS(krb5.h)
# now check for gssapi headers. This is also done here to allow for
- # different kerberos include paths
- AC_CHECK_HEADERS(gssapi/gssapi_generic.h gssapi/gssapi.h)
+ # different kerberos include paths (Heimdal included)
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h)
##################################################################
# we might need the k5crypto and com_err libraries on some systems
@@ -2024,8 +2077,13 @@
########################################################
# now see if we can find the gssapi libs in standard paths
+ if test x$KRB5IMPL = x"heimdal"; then
+ AC_CHECK_LIB(gssapi, gss_display_status, [LIBS="$LIBS -lgssapi";
+ AC_DEFINE(HAVE_GSSAPI)])
+ else
AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5";
AC_DEFINE(HAVE_GSSAPI)])
+ fi
fi
########################################################
@@ -2035,7 +2093,7 @@
AC_MSG_CHECKING([whether to use LDAP])
AC_ARG_WITH(ldap,
-[ --with-ldap LDAP support (default yes)],
+[ --with-ldap LDAP support (default yes)],
[ case "$withval" in
no)
with_ldap_support=no
--- source/acconfig.h Tue Oct 1 10:13:23 2002
+++ source/acconfig.h Mon Oct 14 16:01:12 2002
@@ -183,6 +183,8 @@
#undef I18N_DEFAULT_PREF_LANG
#undef HAVE_KRB5
#undef HAVE_GSSAPI
+#undef HAVE_HEIMDAL
+#undef UNIXWARE
#undef BROKEN_REDHAT_7_SYSTEM_HEADERS
#undef HAVE_LDAP
#undef HAVE_STAT_ST_BLOCKS
--- source/include/config.h.in Tue Oct 15 18:18:58 2002
+++ source/include/config.h.in Tue Oct 15 18:19:19 2002
@@ -249,6 +249,8 @@
#undef I18N_DEFAULT_PREF_LANG
#undef HAVE_KRB5
#undef HAVE_GSSAPI
+#undef HAVE_HEIMDAL
+#undef UNIXWARE
#undef BROKEN_REDHAT_7_SYSTEM_HEADERS
#undef HAVE_LDAP
#undef HAVE_STAT_ST_BLOCKS
