[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Thu Mar 12 18:01:04 MDT 2015
The branch, master has been updated
via 07330d2 replace: Remove superfluous check for gcrypt header.
via 733435f backupkey: Explicitly link to gnutls and gcrypt
via 61d962b lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
from f0a6935 s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 07330d248bd3feb3c9748174dac407fca592638e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 12 22:12:43 2015 +0100
replace: Remove superfluous check for gcrypt header.
We only need to check for the header if we need gnutls with gcrypt
support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 13 01:00:27 CET 2015 on sn-devel-104
commit 733435f8582adf7925ea0c93e2cdf411fb89624b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 12 17:05:50 2015 +1300
backupkey: Explicitly link to gnutls and gcrypt
The gcrypt link will be disabled if gnutls is > 3.0.0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 61d962bdfdb9ca13e5f31e726ae84823c6f68fc6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 12 17:01:05 2015 +1300
lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
We no longer link against gcrypt if gnutls > 3.0.0 is found, as these
versions use libnettle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/replace/wscript | 2 +-
source4/lib/tls/tlscert.c | 4 ++--
source4/lib/tls/wscript | 22 +++++++++++++++++-----
source4/rpc_server/backupkey/dcesrv_backupkey.c | 4 ++--
source4/rpc_server/wscript_build | 2 +-
5 files changed, 23 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/wscript b/lib/replace/wscript
index f8a0179..1949448 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -53,7 +53,7 @@ def configure(conf):
conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h')
conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h')
conf.CHECK_HEADERS('errno.h')
- conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h')
+ conf.CHECK_HEADERS('getopt.h iconv.h')
conf.CHECK_HEADERS('memory.h nss.h sasl/sasl.h')
conf.CHECK_FUNCS_IN('inotify_init', 'inotify', checklibc=True,
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index 8a19e0a..b44d46b 100644
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -24,7 +24,7 @@
#if ENABLE_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#if HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
#include <gcrypt.h>
#endif
@@ -69,7 +69,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n",
hostname));
-#ifdef HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#endif
diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript
index ae96395..cbba87d 100644
--- a/source4/lib/tls/wscript
+++ b/source4/lib/tls/wscript
@@ -17,11 +17,18 @@ def configure(conf):
conf.SET_TARGET_TYPE('gnutls', 'DISABLED')
conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
+ if 'AD_DC_BUILD_IS_ENABLED' in conf.env:
+ conf.fatal("--disable-gnutls given: Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol")
return
- conf.check_cfg(package='gnutls',
- args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
- msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
+ if conf.check_cfg(package='gnutls',
+ args='"gnutls >= 3.0.0" --cflags --libs',
+ msg='Checking for gnutls >= 3.0.0s', mandatory=False):
+ conf.DEFINE('HAVE_GNUTLS3', 1)
+ else:
+ conf.check_cfg(package='gnutls',
+ args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
+ msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
if 'HAVE_GNUTLS' in conf.env:
conf.DEFINE('ENABLE_GNUTLS', 1)
@@ -45,8 +52,13 @@ def configure(conf):
conf.CHECK_TYPES('gnutls_datum gnutls_datum_t',
headers='gnutls/gnutls.h', lib='gnutls')
- conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
- conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
+ # GnuTLS3 moved to libnettle, so only do this in the < 3.0 case
+ if not 'HAVE_GNUTLS3' in conf.env:
+ conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
+ conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
+ else:
+ conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
+ conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
def build(bld):
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 04308bc..749e48b 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -43,7 +43,7 @@
#include "lib/crypto/arcfour.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#if HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
#include <gcrypt.h>
#endif
@@ -809,7 +809,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
*rsa = NULL;
gnutls_global_init();
-#ifdef HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#endif
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index c79c1827..55f45c7 100755
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -115,7 +115,7 @@ bld.SAMBA_MODULE('dcerpc_backupkey',
autoproto='backupkey/proto.h',
subsystem='dcerpc_server',
init_function='dcerpc_server_backupkey_init',
- deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto'
+ deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto gnutls gcrypt'
)
--
Samba Shared Repository
More information about the samba-cvs
mailing list