[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed May 30 06:58:04 MDT 2012
The branch, master has been updated
via 3e92bff s4-provision: Use the s3fs file server by default in migrations
via c8000ca s3-build: Fix configure checks for Heimdal
via a49e771 build: Make gss_wrap_iov mandatory for krb5 build
via 65bd5eb lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used there
from 9cae92b s3:utils: use cli_tree_connect() instead of cli_tcon_andx()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3e92bff13df47943d180bdef96f2a3d4815f8472
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 30 16:40:03 2012 +1000
s4-provision: Use the s3fs file server by default in migrations
This covers both migrations from s3 and joining a domain as a new DC.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Wed May 30 14:57:22 CEST 2012 on sn-devel-104
commit c8000cad5598831b11be7788e4356122beb39491
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 30 17:44:42 2012 +1000
s3-build: Fix configure checks for Heimdal
A series of small errors meant that all Heimdal versions became
unsupported, when for the autoconf build, some versions have what we
need.
Andrew Bartlett
commit a49e771a93d54b0f3475242d5e74e09c130c3fac
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 30 19:21:12 2012 +1000
build: Make gss_wrap_iov mandatory for krb5 build
This isn't in Heimdal 1.1, so we still fail on that version, but at
least we fail for the right reasons.
Andrew Bartlett
commit 65bd5eb04bcd426833ba4a5cf424af9710f03f2e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 30 17:41:51 2012 +1000
lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used there
This is also where the related krb5_princ_component is declared.
Also fix the configure check to use the correct name
This helps the autoconf build on Heimdal.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/krb5_samba.h | 8 ----
source3/configure.in | 35 +++++++++++--------
source4/auth/kerberos/kerberos.h | 8 ++++
source4/heimdal_build/wscript_configure | 2 +-
.../scripting/python/samba/provision/__init__.py | 2 +-
5 files changed, 30 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 8d55a32..bd34879 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -64,14 +64,6 @@
#define AP_OPTS_USE_SUBKEY 0
#endif
-#ifndef krb5_princ_size
-#if defined(HAVE_KRB5_KRB5_PRINCIPAL_GET_NUM_COMP)
-#define krb5_princ_size krb5_principal_get_num_comp
-#else
-#error krb5_princ_size unavailable
-#endif
-#endif
-
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
krb5_address **addrs;
diff --git a/source3/configure.in b/source3/configure.in
index 989b617..ea89fa2 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3542,6 +3542,12 @@ if test x"$with_ads_support" != x"no"; then
AC_DEFINE(HAVE_GSSAPI, , [Whether the platform has GSSAPI support])
fi
+ # This is for FreeBSD (and possibly others). gss_mech_krb5 is a
+ # #define to GSS_KRB5_MECHANISM, which is defined in -lgssapi_krb5
+ # Also, gsskrb5_extract_authz_data_from_sec_context is in -lgssapi_krb5
+ AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS, GSS_KRB5_MECHANISM,
+ [KRB5_LIBS="$KRB5_LIBS -lgssapi_krb5"])
+
AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_set_default_tgs_enctypes, $KRB5_LIBS)
@@ -3567,6 +3573,7 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_principal_compare_any_realm, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_parse_name_norealm, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_princ_size, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_make_principal, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_principal_get_num_comp, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_set_pac_request, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_renewed_creds, $KRB5_LIBS)
@@ -3598,11 +3605,6 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS)
- # This is for FreeBSD (and possibly others). gss_mech_krb5 is a
- # #define to GSS_KRB5_MECHANISM, which is defined in -lgssapi_krb5
- AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS, GSS_KRB5_MECHANISM,
- [KRB5_LIBS="$KRB5_LIBS -lgssapi_krb5"])
-
# MIT krb5 1.8 does not expose this call (yet)
AC_CHECK_DECLS(krb5_get_credentials_for_user, [], [], [#include <krb5.h>])
@@ -4068,17 +4070,15 @@ if test x"$with_ads_support" != x"no"; then
use_ads=no
fi
- if test x"$ac_cv_func_ext_krb5_c_string_to_key" != x"yes"
+ if test x"$ac_cv_func_ext_krb5_principal2salt" != x"yes" -o \
+ x"$ac_cv_func_ext_krb5_c_string_to_key" != x"yes"
then
- AC_MSG_WARN(krb5_c_string_to_key not found in -lkrb5)
- use_ads=no
- fi
-
- if test x"$ac_cv_func_ext_krb5_principal2salt" != x"yes" -a \
- x"$ac_cv_func_ext_krb5_get_pw_salt" != x"yes"
- then
- AC_MSG_WARN(no CREATE_KEY_FUNCTIONS detected)
- use_ads=no
+ if test x"$ac_cv_func_ext_krb5_get_pw_salt" != x"yes" -o \
+ x"$ac_cv_func_ext_krb5_string_to_key_salt" != x"yes"
+ then
+ AC_MSG_WARN(no CREATE_KEY_FUNCTIONS detected)
+ use_ads=no
+ fi
fi
if test x"$ac_cv_func_ext_krb5_get_permitted_enctypes" != x"yes" -a \
@@ -4101,6 +4101,11 @@ if test x"$with_ads_support" != x"no"; then
use_ads=no
fi
+ if test x"$ac_cv_func_ext_gss_wrap_iov" != x"yes" ; then
+ AC_MSG_WARN(gss_wrap_iov not found in -lgssapi)
+ use_ads=no
+ fi
+
if test x"$ac_cv_func_ext_gss_get_name_attribute" != x"yes" ; then
if test x"$ac_cv_func_ext_gsskrb5_extract_authz_data_from_sec_context" != x"yes" -o \
x"$ac_cv_func_ext_gss_inquire_sec_context_by_oid" != x"yes"
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 0be6d74..707426d 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -74,6 +74,14 @@ krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_con
const krb5_data *krb5_princ_component(krb5_context context, krb5_principal principal, int i );
#endif
+#ifndef krb5_princ_size
+#if defined(HAVE_KRB5_PRINCIPAL_GET_NUM_COMP)
+#define krb5_princ_size krb5_principal_get_num_comp
+#else
+#error krb5_princ_size unavailable
+#endif
+#endif
+
/* Samba wrapper function for krb5 functionality. */
NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
DATA_BLOB blob,
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 31e0c5c..e8dab68 100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -154,7 +154,7 @@ conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1)
conf.define('HAVE_KRB5_PDU_NONE_DECL', 1)
conf.define('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1)
conf.define('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1)
-conf.define('HAVE_KRB5_KRB5_PRINCIPAL_GET_NUM_COMP', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_NUM_COMP', 1)
conf.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1)
heimdal_includedirs = []
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index db98d51..1dc69a1 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1604,7 +1604,7 @@ def provision(logger, session_info, credentials, smbconf=None,
backend_type=None, sitename=None,
ol_mmr_urls=None, ol_olc=None, slapd_path=None,
useeadb=False, am_rodc=False,
- lp=None, use_ntvfs=True):
+ lp=None, use_ntvfs=False):
"""Provision samba4
:note: caution, this wipes all existing data!
--
Samba Shared Repository
More information about the samba-cvs
mailing list