[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Thu Mar 12 18:01:04 MDT 2015 

The branch, master has been updated
       via  07330d2 replace: Remove superfluous check for gcrypt header.
       via  733435f backupkey: Explicitly link to gnutls and gcrypt
       via  61d962b lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
      from  f0a6935 s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 07330d248bd3feb3c9748174dac407fca592638e
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Mar 12 22:12:43 2015 +0100

    replace: Remove superfluous check for gcrypt header.
    
    We only need to check for the header if we need gnutls with gcrypt
    support.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Fri Mar 13 01:00:27 CET 2015 on sn-devel-104

commit 733435f8582adf7925ea0c93e2cdf411fb89624b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 12 17:05:50 2015 +1300

    backupkey: Explicitly link to gnutls and gcrypt
    
    The gcrypt link will be disabled if gnutls is > 3.0.0
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 61d962bdfdb9ca13e5f31e726ae84823c6f68fc6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 12 17:01:05 2015 +1300

    lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
    
    We no longer link against gcrypt if gnutls > 3.0.0 is found, as these
    versions use libnettle.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/replace/wscript                             |  2 +-
 source4/lib/tls/tlscert.c                       |  4 ++--
 source4/lib/tls/wscript                         | 22 +++++++++++++++++-----
 source4/rpc_server/backupkey/dcesrv_backupkey.c |  4 ++--
 source4/rpc_server/wscript_build                |  2 +-
 5 files changed, 23 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/wscript b/lib/replace/wscript
index f8a0179..1949448 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -53,7 +53,7 @@ def configure(conf):
     conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h')
     conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h')
     conf.CHECK_HEADERS('errno.h')
-    conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h')
+    conf.CHECK_HEADERS('getopt.h iconv.h')
     conf.CHECK_HEADERS('memory.h nss.h sasl/sasl.h')
 
     conf.CHECK_FUNCS_IN('inotify_init', 'inotify', checklibc=True,
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index 8a19e0a..b44d46b 100644
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -24,7 +24,7 @@
 #if ENABLE_GNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
-#if HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
 #include <gcrypt.h>
 #endif
 
@@ -69,7 +69,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
 	DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", 
 		 hostname));
 	
-#ifdef HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
 	DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
 	gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 #endif
diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript
index ae96395..cbba87d 100644
--- a/source4/lib/tls/wscript
+++ b/source4/lib/tls/wscript
@@ -17,11 +17,18 @@ def configure(conf):
         conf.SET_TARGET_TYPE('gnutls', 'DISABLED')
         conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
         conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
+        if 'AD_DC_BUILD_IS_ENABLED' in conf.env:
+            conf.fatal("--disable-gnutls given: Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol")
         return
 
-    conf.check_cfg(package='gnutls',
-                   args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
-                   msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
+    if conf.check_cfg(package='gnutls',
+                      args='"gnutls >= 3.0.0" --cflags --libs',
+                      msg='Checking for gnutls >= 3.0.0s', mandatory=False):
+        conf.DEFINE('HAVE_GNUTLS3', 1)
+    else:
+        conf.check_cfg(package='gnutls',
+                       args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
+                       msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
 
     if 'HAVE_GNUTLS' in conf.env:
         conf.DEFINE('ENABLE_GNUTLS', 1)
@@ -45,8 +52,13 @@ def configure(conf):
     conf.CHECK_TYPES('gnutls_datum gnutls_datum_t',
                      headers='gnutls/gnutls.h', lib='gnutls')
 
-    conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
-    conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
+    # GnuTLS3 moved to libnettle, so only do this in the < 3.0 case
+    if not 'HAVE_GNUTLS3' in conf.env:
+        conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
+        conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
+    else:
+        conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
+        conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
 
 
 def build(bld):
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 04308bc..749e48b 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -43,7 +43,7 @@
 #include "lib/crypto/arcfour.h"
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
-#if HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
 #include <gcrypt.h>
 #endif
 
@@ -809,7 +809,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
 	*rsa = NULL;
 
 	gnutls_global_init();
-#ifdef HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
 	DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
 	gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 #endif
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index c79c1827..55f45c7 100755
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -115,7 +115,7 @@ bld.SAMBA_MODULE('dcerpc_backupkey',
 	autoproto='backupkey/proto.h',
 	subsystem='dcerpc_server',
 	init_function='dcerpc_server_backupkey_init',
-	deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto'
+	deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto gnutls gcrypt'
 	)
 
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list