krb5: Require gss_get_name_attribute or Heimdal's PAC parsing to build with krb5

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 10 23:23:07 CET 2012 on sn-devel-104

diff --git a/source3/configure.in b/source3/configure.in
index 18c6250361947bebdfcfc63504bb5a3bc823204e..c0ddc27d0e840ae47e925526514aa85e7f0c9555 100644 (file)
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3901,6 +3901,7 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_mech_krb5, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_oid_equal, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS)
@@ -4516,6 +4517,15 @@ if test x"$with_ads_support" != x"no"; then
 
   fi
 
+  if test x"$ac_cv_func_ext_gss_get_name_attribute" != x"yes" ; then
+    if test x"$ac_cv_func_ext_gsskrb5_extract_authz_data_from_sec_context" != x"yes" -o \
+    if test x"$ac_cv_func_ext_gss_inquire_sec_context_by_oid" != x"yes"
+    then
+      AC_MSG_WARN(need either gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support)
+      use_ads=no
+    fi
+  fi
+
   if test x"$use_ads" = x"yes"; then
     AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support])
     AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support])

diff --git a/source3/wscript b/source3/wscript
index 35f2b7902419e0ec51ff99b6a91df916581484a7..3eafc2d78e78fe7d2deba33c6b9e592587ad7e09 100644 (file)
--- a/source3/wscript
+++ b/source3/wscript
@@ -798,6 +798,17 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab);
             if not conf.CONFIG_SET('HAVE_KRB5_DECODE_AP_REQ'):
                 Logs.warn("no KRB5_AP_REQ_DECODING_FUNCTION detected")
                 use_ads=False
+
+        # We don't actually use
+        # gsskrb5_extract_authz_data_from_sec_context, but it is a
+        # clue that this Heimdal, which does the PAC processing we
+        # need on the standard gss_inquire_sec_context_by_oid
+        if not conf.CONFIG_SET('HAVE_GSS_GET_NAME_ATTRIBUTE') and \
+            not (conf.CONFIG_SET('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT') and \
+                     conf.CONFIG_SET('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID')):
+            Logs.warn("need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support")
+            use_ads=False
+
         if use_ads:
             conf.DEFINE('WITH_ADS', '1')
             conf.DEFINE('HAVE_KRB5', '1')