krb5: Detect support for krb5_const_pac type

We can't unconditionally assume (as we did in
third_party/heimdal_build/wscript_configure) that Heimdal has this type,
since we may have an older system Heimdal that lacks it. We must also
check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and
declare krb5_const_pac as a non-const typedef if not.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 93a010323bf3d8850feec5f646154a61241668d6..79178ac80082df1e3e425a7463568086d7f3a53b 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -135,7 +135,18 @@ typedef struct {
 #endif /* HAVE_E_DATA_POINTER_IN_KRB5_ERROR */
 
 #ifndef HAVE_KRB5_CONST_PAC
-typedef krb5_pac krb5_const_pac;
+#ifdef KRB5_CONST_PAC_GET_BUFFER
+typedef const struct krb5_pac_data *krb5_const_pac;
+#else
+/*
+ * Certain Heimdal versions include a version of krb5_pac_get_buffer() that is
+ * unusable in certain cases, taking a krb5_pac when a krb5_const_pac may be all
+ * that we can supply. Furthermore, MIT Kerberos doesn't declare krb5_const_pac
+ * at all. In such cases, we must declare krb5_const_pac as a non-const typedef
+ * so that the build can succeed.
+ */
+typedef struct krb5_pac_data *krb5_const_pac;
+#endif
 #endif
 
 krb5_error_code smb_krb5_parse_name(krb5_context context,

diff --git a/lib/krb5_wrap/wscript_configure b/lib/krb5_wrap/wscript_configure
new file mode 100644 (file)
index 0000000..b595eef
--- /dev/null
+++ b/lib/krb5_wrap/wscript_configure
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+
+# Check whether we have the krb5_const_pac type, if we aren't sure already.
+if conf.CONFIG_SET('HAVE_KRB5_CONST_PAC') or (
+        conf.CHECK_TYPE('krb5_const_pac',
+                        headers='krb5.h',
+                        lib='krb5')):
+    # If the type is available, check whether krb5_pac_get_buffer() accepts it
+    # as its second parameter, or whether it takes krb5_pac instead.
+    conf.CHECK_C_PROTOTYPE('krb5_pac_get_buffer',
+                           'krb5_error_code krb5_pac_get_buffer('
+                           '    krb5_context context,'
+                           '    krb5_const_pac p,'
+                           '    uint32_t type,'
+                           '    krb5_data *data)',
+                           define='KRB5_CONST_PAC_GET_BUFFER',
+                           headers='krb5.h',
+                           lib='krb5')

diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure
index ee58f7c218218dd218d3feb833ca183eb117a731..a97a1b9baa8edd71cf9b0635fcc3ff02a22a0e05 100644 (file)
--- a/third_party/heimdal_build/wscript_configure
+++ b/third_party/heimdal_build/wscript_configure
@@ -131,7 +131,6 @@ conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)
 conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0)
 conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0)
 conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
-conf.define('HAVE_KRB5_CONST_PAC', 1)
 conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
 conf.define('HAVE_KRB5_ADDRESSES', 1)
 conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
@@ -206,6 +205,8 @@ conf.define('HAVE_KRB5_PROMPT_TYPE', 1)
 
 if conf.CONFIG_SET('USING_EMBEDDED_HEIMDAL'):
     conf.define('HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT', 1)
+    conf.define('HAVE_KRB5_CONST_PAC', 1)
+    conf.define('KRB5_CONST_PAC_GET_BUFFER', 1)
 else:
     pass # TODO
 

diff --git a/wscript b/wscript
index 5e775ebd2dd0783e32876d0d5ab411967eb4d8fa..b556aa0cbe2c0fc6a821ae59def346c94cf48944 100644 (file)
--- a/wscript
+++ b/wscript
@@ -354,6 +354,7 @@ def configure(conf):
     conf.RECURSE('lib/socket')
     conf.RECURSE('lib/mscat')
     conf.RECURSE('packaging')
+    conf.RECURSE('lib/krb5_wrap')
 
     conf.SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS()