[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-504-g78581ad

simo idra at samba.org
Wed Dec 5 22:59:43 GMT 2007


This set of patches introduces a new helper program that we are using to
develop Kerberos support in cifs.ko.

It is not complete yet, but it is a very good start and works with the
cifs.ko code that is going into the newest kernels.

Requires keyutils.h (available only in very recent kernels) to build.

Thanks very much to Igor Mammedov (main author) and Jeff Layton.

Simo.


On Wed, 2007-12-05 at 16:56 -0600, Simo Sorce wrote:
> The branch, v3-2-test has been updated
>        via  78581ad070dd6e1886dd2094cf75ebebbb83d9a6 (commit)
>        via  1b133d111596f7fb6a42e526ab69f621df97956a (commit)
>        via  05bca093d107609f236928f338e2512a628c2c91 (commit)
>        via  705f06a0315df83071b799fc77ecf20510a5a1ac (commit)
>        via  f802db70b8675df43fba892986203bbeac2d02f8 (commit)
>       from  66e7e30b13bc6904f20a1b4277143c63f8beec83 (commit)
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
> 
> 
> - Log -----------------------------------------------------------------
> commit 78581ad070dd6e1886dd2094cf75ebebbb83d9a6
> Merge: 1b133d111596f7fb6a42e526ab69f621df97956a 66e7e30b13bc6904f20a1b4277143c63f8beec83
> Author: Simo Sorce <idra at samba.org>
> Date:   Wed Dec 5 17:55:50 2007 -0500
> 
>     Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-simo
> 
> commit 1b133d111596f7fb6a42e526ab69f621df97956a
> Merge: 05bca093d107609f236928f338e2512a628c2c91 71770b4c1d021d829deeb53a6ea3b747fce55c84
> Author: Simo Sorce <idra at samba.org>
> Date:   Wed Dec 5 17:54:50 2007 -0500
> 
>     Merge commit 'origin/v3-2-test' into v3-2-simo
> 
> commit 05bca093d107609f236928f338e2512a628c2c91
> Author: Simo Sorce <idra at samba.org>
> Date:   Wed Dec 5 17:54:09 2007 -0500
> 
>     Fix warning
> 
> commit 705f06a0315df83071b799fc77ecf20510a5a1ac
> Author: Igor Mammedov <niallain at gmail.com>
> Date:   Wed Dec 5 18:23:39 2007 +0300
> 
>     * helper source for handling cifs kernel module upcall for kerberos
>     
>     authorization
>     * Added -c option to set service prefix to "cifs" in service principal by
>     default service prefix "host" is used
>     * replaced malloc/free/srtncpy with replacements from samba project
>     
>     Signed-off-by: Igor Mammedov <niallain at gmail.com>
> 
> commit f802db70b8675df43fba892986203bbeac2d02f8
> Author: Igor Mammedov <niallain at gmail.com>
> Date:   Wed Dec 5 18:21:29 2007 +0300
> 
>     * Adds support for cifs.spnego helper into configure and Makefile.in
>     
>     * Added checks for spnego prereq keyutils.h and kerberos in configure.in
>     
>     Signed-off-by: Igor Mammedov <niallain at gmail.com>
> 
> -----------------------------------------------------------------------
> 
> Summary of changes:
>  source/Makefile.in          |   20 +++-
>  source/client/cifs.spnego.c |  301 +++++++++++++++++++++++++++++++++++++++++++
>  source/client/cifs_spnego.h |   46 +++++++
>  source/configure.in         |   42 ++++++
>  4 files changed, 406 insertions(+), 3 deletions(-)
>  create mode 100644 source/client/cifs.spnego.c
>  create mode 100644 source/client/cifs_spnego.h
> 
> 
> Changeset truncated at 500 lines:
> 
> diff --git a/source/Makefile.in b/source/Makefile.in
> index 532290c..a204ee7 100644
> --- a/source/Makefile.in
> +++ b/source/Makefile.in
> @@ -170,7 +170,7 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
>  
>  SBIN_PROGS = bin/smbd at EXEEXT@ bin/nmbd at EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
>  
> -ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@
> +ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSSPNEGO_PROGS@
>  
>  BIN_PROGS1 = bin/smbclient at EXEEXT@ bin/net at EXEEXT@ bin/smbspool at EXEEXT@ \
>  	bin/testparm at EXEEXT@ bin/smbstatus at EXEEXT@ bin/smbget at EXEEXT@
> @@ -745,6 +745,8 @@ CIFS_MOUNT_OBJ = client/mount.cifs.o
>  
>  CIFS_UMOUNT_OBJ = client/umount.cifs.o
>  
> +CIFS_SPNEGO_OBJ = client/cifs.spnego.o
> +
>  NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) \
>                 $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ)
>  
> @@ -1202,6 +1204,11 @@ bin/umount.cifs at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ)
>  	@echo Linking $@
>  	@$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS)
>  
> +bin/cifs.spnego at EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ)
> +	@echo Linking $@
> +	@$(CC) $(FLAGS) -o $@ $(CIFS_SPNEGO_OBJ) $(DYNEXP) $(LDFLAGS) -lkeyutils $(LIBS) \
> +		$(LIBSMBCLIENT_OBJ) $(KRB5LIBS) $(LDAP_LIBS)
> +
>  bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@
>  	@echo Linking $@
>  	@$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@
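
Review bot: In the bin/cifs.spnego rule, $(LIBSMBCLIENT_OBJ) is placed after -lkeyutils $(LIBS) on the link line, whereas the neighbouring umount.cifs and testparm rules list their objects before the libraries; with static libraries the linker may leave symbols needed by those objects unresolved. Move $(LIBSMBCLIENT_OBJ) next to $(CIFS_SPNEGO_OBJ) and keep $(LDFLAGS) and the libraries after both.
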
> @@ -1729,7 +1736,7 @@ bin/timelimit at EXEEXT@: script/tests/timelimit.o
>  	@echo Linking $@
>  	@$(CC) $(FLAGS) -o $@ $(DYNEXP) script/tests/timelimit.o
>  
> -install: installservers installbin @INSTALL_CIFSMOUNT@ installman installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ @INSTALL_LIBSMBCLIENT@ @INSTALL_PAM_MODULES@ @INSTALL_LIBSMBSHAREMODES@
> +install: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSSPNEGO@ installman installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ @INSTALL_LIBSMBCLIENT@ @INSTALL_PAM_MODULES@ @INSTALL_LIBSMBSHAREMODES@
>  
> 
>  install-everything: install installmodules
> @@ -1755,6 +1762,10 @@ installcifsmount: @CIFSMOUNT_PROGS@
>  	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
>  	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
>  
> +installcifsspnego: @CIFSSPNEGO_PROGS@
> +	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
> +	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSSPNEGO_PROGS@
> +
>  # Some symlinks are required for the 'probing' of modules.
>  # This mechanism should go at some point..
>  installmodules: modules installdirs
> @@ -1838,7 +1849,7 @@ showlayout:
>  	@echo "  swatdir:     $(SWATDIR)"
>  
> 
> -uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@
> +uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSSPNEGO@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@
>  
>  uninstallman:
>  	@$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C
> @@ -1852,6 +1863,9 @@ uninstallbin:
>  uninstallcifsmount:
>  	@$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
>  
> +uninstallcifsspnego:
> +	@$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSSPNEGO_PROGS@
> +
>  uninstallmodules:
>  	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(VFSLIBDIR) $(VFS_MODULES)
>  	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(PDBLIBDIR) $(PDB_MODULES)
> diff --git a/source/client/cifs.spnego.c b/source/client/cifs.spnego.c
> new file mode 100644
> index 0000000..caa2227
> --- /dev/null
> +++ b/source/client/cifs.spnego.c
> @@ -0,0 +1,301 @@
> +/*
> +* CIFS SPNEGO user-space helper.
> +* Copyright (C) Igor Mammedov (niallain at gmail.com) 2007
> +*
> +* Used by /sbin/request-key for handling
> +* cifs upcall for kerberos authorization of access to share.
> +* You should have keyutils installed and add following line to
> +* /etc/request-key.conf file
> +
> +create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
> +
> +* This program is free software; you can redistribute it and/or modify
> +* it under the terms of the GNU General Public License as published by
> +* the Free Software Foundation; either version 2 of the License, or
> +* (at your option) any later version.
> +* This program is distributed in the hope that it will be useful,
> +* but WITHOUT ANY WARRANTY; without even the implied warranty of
> +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +* GNU General Public License for more details.
> +* You should have received a copy of the GNU General Public License
> +* along with this program; if not, write to the Free Software
> +* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> +*/
> +
> +#include "includes.h"
> +#include <keyutils.h>
> +
> +#include "cifs_spnego.h"
> +
> +const char* CIFSSPNEGO_VERSION="1.0";
> +static const char *prog = "cifs.spnego";
> +typedef enum _secType {
> +	KRB5,
> +	MS_KRB5
> +} secType_t;
> +
> +/*
> + * Prepares AP-REQ data for mechToken and gets session key
> + * Uses credentials from cache. It will not ask for password
> + * you should receive credentials for yuor name manually using
> + * kinit or whatever you wish.
> + *
> + * in:
> + * 	oid -		string with OID/ Could be OID_KERBEROS5
> + * 			or OID_KERBEROS5_OLD
> + * 	principal -	Service name.
> + * 			Could be "cifs/FQDN" for KRB5 OID
> + * 			or for MS_KRB5 OID style server principal
> + * 			like "pdc$@YOUR.REALM.NAME"
> + *
> + * out:
> + * 	secblob -	pointer for spnego wrapped AP-REQ data to be stored
> + * 	sess_key-	pointer for SessionKey data to be stored
> + *
> + * ret: 0 - success, others - failure
> +*/
> +int handle_krb5_mech(const char *oid, const char *principal,
> +		     DATA_BLOB * secblob, DATA_BLOB * sess_key)
> +{
> +	int retval;
> +	DATA_BLOB tkt, tkt_wrapped;
> +
> +	/* get a kerberos ticket for the service and extract the session key */
> +	retval = cli_krb5_get_ticket(principal, 0,
> +				     &tkt, sess_key, 0, NULL, NULL);
> +
> +	if (retval)
> +		return retval;
> +
> +	/* wrap that up in a nice GSS-API wrapping */
> +	tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
> +
> +	/* and wrap that in a shiny SPNEGO wrapper */
> +	*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
> +
> +	data_blob_free(&tkt_wrapped);
> +	data_blob_free(&tkt);
> +	return retval;
> +}
> +
> +#define DKD_HAVE_HOSTNAME	1
> +#define DKD_HAVE_VERSION	2
> +#define DKD_HAVE_SEC		4
> +#define DKD_HAVE_IPV4		8
> +#define DKD_HAVE_IPV6		16
> +#define DKD_HAVE_UID		32
> +#define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC)
> +
> +int decode_key_description(const char *desc, int *ver, secType_t * sec,
> +			   char **hostname, uid_t * uid)
> +{
> +	int retval = 0;
> +	char *pos;
> +	const char *tkn = desc;
> +
> +	do {
> +		pos = index(tkn, ';');
> +		if (strncmp(tkn, "host=", 5) == 0) {
> +			int len;
> +
> +			if (pos == NULL) {
> +				len = strlen(tkn);
> +			} else {
> +				len = pos - tkn;
> +			}
> +			len -= 4;
> +			SAFE_FREE(*hostname);
> +			*hostname = SMB_XMALLOC_ARRAY(char, len);
> +			strlcpy(*hostname, tkn + 5, len);
> +			retval |= DKD_HAVE_HOSTNAME;
> +		} else if (strncmp(tkn, "ipv4=", 5) == 0) {
> +			/* BB: do we need it if we have hostname already? */
> +		} else if (strncmp(tkn, "ipv6=", 5) == 0) {
> +			/* BB: do we need it if we have hostname already? */
> +		} else if (strncmp(tkn, "sec=", 4) == 0) {
> +			if (strncmp(tkn + 4, "krb5", 4) == 0) {
> +				retval |= DKD_HAVE_SEC;
> +				*sec = KRB5;
> +			}
> +		} else if (strncmp(tkn, "uid=", 4) == 0) {
> +			errno = 0;
> +			*uid = strtol(tkn + 4, NULL, 16);
> +			if (errno != 0) {
> +				syslog(LOG_WARNING, "Invalid uid format: %s",
> +				       strerror(errno));
> +				return 1;
> +			} else {
> +				retval |= DKD_HAVE_UID;
> +			}
> +		} else if (strncmp(tkn, "ver=", 4) == 0) {	/* if version */
> +			errno = 0;
> +			*ver = strtol(tkn + 4, NULL, 16);
> +			if (errno != 0) {
> +				syslog(LOG_WARNING,
> +				       "Invalid version format: %s",
> +				       strerror(errno));
> +				return 1;
> +			} else {
> +				retval |= DKD_HAVE_VERSION;
> +			}
> +		}
> +		if (pos == NULL)
> +			break;
> +		tkn = pos + 1;
> +	} while (tkn);
> +	return retval;
> +}
> +
> +int main(const int argc, char *const argv[])
> +{
> +	struct cifs_spnego_msg *keydata = NULL;
> +	DATA_BLOB secblob = data_blob_null;
> +	DATA_BLOB sess_key = data_blob_null;
> +	secType_t sectype;
> +	key_serial_t key;
> +	size_t datalen;
> +	long rc = 1;
> +	uid_t uid;
> +	int kernel_upcall_version;
> +	int c, use_cifs_service_prefix = 0;
> +	char *buf, *hostname = NULL;
> +
> +	openlog(prog, 0, LOG_DAEMON);
> +	if (argc < 1) {
> +		syslog(LOG_WARNING, "Usage: %s [-c] key_serial", prog);
> +		goto out;
> +	}
> +
> +	while ((c = getopt(argc, argv, "cv")) != -1) {
> +		switch (c) {
> +		case 'c':{
> +			use_cifs_service_prefix = 1;
> +			break;
> +			}
> +		case 'v':{
> +			syslog(LOG_WARNING, "version: %s", CIFSSPNEGO_VERSION);
> +			fprintf(stderr, "version: %s", CIFSSPNEGO_VERSION);
> +			break;
> +			}
> +		default:{
> +			syslog(LOG_WARNING, "unknow option: %c", c);
> +			goto out;
> +			}
> +		}
> +	}
> +	/* get key and keyring values */
> +	errno = 0;
> +	key = strtol(argv[optind], NULL, 10);
> +	if (errno != 0) {
> +		syslog(LOG_WARNING, "Invalid key format: %s", strerror(errno));
> +		goto out;
> +	}
> +
> +	rc = keyctl_describe_alloc(key, &buf);
> +	if (rc == -1) {
> +		syslog(LOG_WARNING, "keyctl_describe_alloc failed: %s",
> +		       strerror(errno));
> +		rc = 1;
> +		goto out;
> +	}
> +
> +	rc = decode_key_description(buf, &kernel_upcall_version, &sectype,
> +				    &hostname, &uid);
> +	if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
> +		syslog(LOG_WARNING,
> +		       "unable to get from description necessary params");
> +		rc = 1;
> +		SAFE_FREE(buf);
> +		goto out;
> +	}
> +	SAFE_FREE(buf);
> +
> +	if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
> +		syslog(LOG_WARNING,
> +		       "incompatible kernel upcall version: 0x%x",
> +		       kernel_upcall_version);
> +		rc = 1;
> +		goto out;
> +	}
> +
> +	if (rc & DKD_HAVE_UID) {
> +		rc = setuid(uid);
> +		if (rc == -1) {
> +			syslog(LOG_WARNING, "setuid: %s", strerror(errno));
> +			goto out;
> +		}
> +	}
> +
> +	/* BB: someday upcall SPNEGO blob could be checked here to decide
> +	 * what mech to use */
> +
> +	// do mech specific authorization
> +	switch (sectype) {
> +	case KRB5:{
> +			char *princ;
> +			size_t len;
> +
> +			/* for "cifs/" service name + terminating 0 */
> +			len = strlen(hostname) + 5 + 1;
> +			princ = SMB_XMALLOC_ARRAY(char, len);
> +			if (!princ) {
> +				rc = 1;
> +				break;
> +			}
> +			if (use_cifs_service_prefix) {
> +				strlcpy(princ, "cifs/", len);
> +			} else {
> +				strlcpy(princ, "host/", len);
> +			}
> +			strlcpy(princ + 5, hostname, len - 5);
> +
> +			rc = handle_krb5_mech(OID_KERBEROS5, princ,
> +					      &secblob, &sess_key);
> +			SAFE_FREE(princ);
> +			break;
> +		}
> +	default:{
> +			syslog(LOG_WARNING, "sectype: %d is not implemented",
> +			       sectype);
> +			rc = 1;
> +			break;
> +		}
> +	}
> +
> +	if (rc) {
> +		goto out;
> +	}
> +
> +	/* pack SecurityBLob and SessionKey into downcall packet */
> +	datalen =
> +	    sizeof(struct cifs_spnego_msg) + secblob.length + sess_key.length;
> +	keydata = (struct cifs_spnego_msg*)SMB_XMALLOC_ARRAY(char, datalen);
> +	if (!keydata) {
> +		rc = 1;
> +		goto out;
> +	}
> +	keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
> +	keydata->flags = 0;
> +	keydata->sesskey_len = sess_key.length;
> +	keydata->secblob_len = secblob.length;
> +	memcpy(&(keydata->data), sess_key.data, sess_key.length);
> +	memcpy(&(keydata->data) + keydata->sesskey_len,
> +	       secblob.data, secblob.length);
> +
> +	/* setup key */
> +	rc = keyctl_instantiate(key, keydata, datalen, 0);
> +	if (rc == -1) {
> +		syslog(LOG_WARNING, "keyctl_instantiate: %s", strerror(errno));
> +		goto out;
> +	}
> +
> +	/* BB: maybe we need use timeout for key: for example no more then
> +	 * ticket lifietime? */
> +	/* keyctl_set_timeout( key, 60); */
> +      out:
> +	data_blob_free(&secblob);
> +	data_blob_free(&sess_key);
> +	SAFE_FREE(hostname);
> +	SAFE_FREE(keydata);
> +	return rc;
> +}
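
Review bot: In main(), argv[optind] is passed to strtol() without checking that a key serial was actually supplied; the earlier `argc < 1` test cannot catch that case, so invoking the helper with only options hands strtol() a NULL pointer. Check `optind >= argc` after the getopt loop and log the usage message there. The same strtol() pattern in decode_key_description() for `uid=` and `ver=` tests only errno, which is not reliably set when no digits are converted, so a malformed `uid=` silently becomes 0 and setuid(0) is called instead of the request being rejected; pass an end pointer and fail if nothing was consumed. Two smaller points: when `uid=` is absent the helper continues under its starting identity and takes the ticket from that credential cache, which deserves at least a comment, and handle_krb5_mech() ignores its oid argument and always wraps with OID_KERBEROS5.
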
> diff --git a/source/client/cifs_spnego.h b/source/client/cifs_spnego.h
> new file mode 100644
> index 0000000..13909dd
> --- /dev/null
> +++ b/source/client/cifs_spnego.h
> @@ -0,0 +1,46 @@
> +/*
> + *   fs/cifs/cifs_spnego.h -- SPNEGO upcall management for CIFS
> + *
> + *   Copyright (c) 2007 Red Hat, Inc.
> + *   Author(s): Jeff Layton (jlayton at redhat.com)
> + *              Steve French (sfrench at us.ibm.com)
> + *
> + *   This library is free software; you can redistribute it and/or modify
> + *   it under the terms of the GNU Lesser General Public License as published
> + *   by the Free Software Foundation; either version 2.1 of the License, or
> + *   (at your option) any later version.
> + *
> + *   This library is distributed in the hope that it will be useful,
> + *   but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
> + *   the GNU Lesser General Public License for more details.
> + *
> + *   You should have received a copy of the GNU Lesser General Public License
> + *   along with this library; if not, write to the Free Software
> + *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> + */
> +
> +#ifndef _CIFS_SPNEGO_H
> +#define _CIFS_SPNEGO_H
> +
> +#define CIFS_SPNEGO_UPCALL_VERSION 1
> +
> +/*
> + * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.
> + * The flags field is for future use. The request-key callout should set
> + * sesskey_len and secblob_len, and then concatenate the SessKey+SecBlob
> + * and stuff it in the data field.
> + */
> +struct cifs_spnego_msg {
> +	uint32_t version;
> +	uint32_t flags;
> +	uint32_t sesskey_len;
> +	uint32_t secblob_len;
> +	uint8_t data[1];
> +};
> +
> +#ifdef __KERNEL__
> +extern struct key_type cifs_spnego_key_type;
> +#endif				/* KERNEL */
> +
> +#endif				/* _CIFS_SPNEGO_H */
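
Review bot: `uint8_t data[1]` in struct cifs_spnego_msg makes sizeof(struct cifs_spnego_msg) include the first payload byte plus any trailing padding, so a caller that sizes the buffer as sizeof(struct) + sesskey_len + secblob_len (as cifs.spnego.c does for datalen) passes more bytes than header plus payload. Either document that the length includes that slack or compute the header size with offsetof(struct cifs_spnego_msg, data). The header also uses uint32_t and uint8_t without including anything that defines them, so it compiles only when the includer has already pulled in a suitable header.
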
> diff --git a/source/configure.in b/source/configure.in
> index 8a945a2..4eea331 100644
> --- a/source/configure.in
> +++ b/source/configure.in
> @@ -343,6 +343,9 @@ AC_SUBST(SMBMOUNT_PROGS)
>  AC_SUBST(CIFSMOUNT_PROGS)
>  AC_SUBST(INSTALL_CIFSMOUNT)
>  AC_SUBST(UNINSTALL_CIFSMOUNT)
> +AC_SUBST(CIFSSPNEGO_PROGS)
> +AC_SUBST(INSTALL_CIFSSPNEGO)
> +AC_SUBST(UNINSTALL_CIFSSPNEGO)
>  AC_SUBST(EXTRA_SBIN_PROGS)
>  AC_SUBST(EXTRA_ALL_TARGETS)
>  AC_SUBST(CONFIG_LIBS)
> @@ -4457,6 +4460,45 @@ AC_ARG_WITH(cifsmount,
>    esac ]
>  )
>  
> +#################################################
> +# check for cifs.spnego support
> +AC_CHECK_HEADERS([keyutils.h], [HAVE_KEYUTILS_H=1], [HAVE_KEYUTILS_H=0])
> +CIFSSPNEGO_PROGS=""
> +INSTALL_CIFSSPNEGO=""
> +UNINSTALL_CIFSSPNEGO=""
> +AC_MSG_CHECKING(whether to build cifs.spnego)
> +AC_ARG_WITH(cifsspnego,
> +[  --with-cifsspnego       Include cifs.spnego (Linux only) support (default=no)],
> +[ case "$withval" in
> +  no)
> +	AC_MSG_RESULT(no)
> +	;;
> +  *)
> +	case "$host_os" in
> +	*linux*)
> +		if test x"$use_ads" != x"yes"; then
> +			AC_MSG_ERROR(ADS support should be enabled for building cifs.spnego)
> +		elif test x"$HAVE_KEYUTILS_H" != "x1"; then
> +			AC_MSG_ERROR(keyutils package is required for cifs.spnego)
> +		else
> +			AC_MSG_RESULT(yes)
> +			AC_DEFINE(WITH_CIFSSPNEGO,1,[whether to build cifs.spnego])
> +			CIFSSPNEGO_PROGS="bin/cifs.spnego"
> +			INSTALL_CIFSSPNEGO="installcifsspnego"
> +			UNINSTALL_CIFSSPNEGO="uninstallcifsspnego"
> +		fi
> +		;;
> +	*)
> +		AC_MSG_ERROR(not on a linux system!)
> +		;;
> +	esac
> +    ;;
> +  esac ],
> +[
> +  AC_MSG_RESULT(no)
> +  ]
> +)
> +
>  
>  #################################################
>  # Check for a PAM clear-text auth, accounts, password
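
Review bot: The cifs.spnego check probes only for the keyutils.h header, while the Makefile.in link rule passes -lkeyutils unconditionally; a system that has the header but no linkable libkeyutils passes configure and then fails at link time. Add an AC_CHECK_LIB for keyutils next to the AC_CHECK_HEADERS call and substitute the result into the link line instead of hardcoding the flag.
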
> 
> 
-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>


