Control: tag -1 patch Control: forwarded -1 https://gitlab.com/samba-team/samba/-/merge_requests/3021
Hi,
My investigation has reveald that the built in version of Heimdall is
perfectly(?) capable of supporting KEYRING ccache. However it needs to
be properly configured. The configuration code is there in
autoconf/automake files of Heimdal but is missing from samba wscript*
files.
I am attaching a patch I've made against debian/2%4.17.7+dfsg-1_bpo11+1.
With this patch applied and LD_LIBRARY_PATH set to
LD_LIBRARY_PATH=${HOME}/src/debian/samba/samba/debian/tmp/usr/lib/x86_64-linux-gnu/samba
smbclient from the original debian package (2:4.17.7+dfsg-1~bpo11+1) is
capable of using KEYRING ccache. The patch applies cleanly to master too
(e437c9288a3c as of now).
--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
From d76344ee0cefcf8adb42928537ba031dd585f797 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Stelmach?= <l.stelm...@samsung.com>
Date: Mon, 3 Apr 2023 10:07:30 +0200
Subject: [PATCH] Configure builtin heimdal to support KEYRING ccache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Samsung R&D Institute Poland
Signed-off-by: Åukasz Stelmach <l.stelm...@samsung.com>
---
third_party/heimdal_build/wscript_build | 8 ++++++--
third_party/heimdal_build/wscript_configure | 2 ++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build
index 1518afe9ef4..8aea52b55f5 100644
--- a/third_party/heimdal_build/wscript_build
+++ b/third_party/heimdal_build/wscript_build
@@ -710,7 +710,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):
get_port.c init_creds.c init_creds_pw.c
kcm.c keyblock.c keytab.c keytab_any.c
keytab_file.c keytab_memory.c
- keytab_keyfile.c krbhst.c log.c
+ keytab_keyfile.c krbhst.c krcache.c log.c
mcache.c misc.c mk_error.c mk_priv.c
mk_rep.c mk_req.c mk_req_ext.c
mit_glue.c net_read.c net_write.c n-fold.c padata.c pkinit.c pkinit-ec.c
@@ -726,10 +726,14 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):
mk_cred.c kx509_err.c
k524_err.c krb_err.c k5e1_err.c''')] + ["../heimdal_build/krb5-glue.c"]
+ krb5_keyutils_dep = ''
+ if bld.CONFIG_SET('HAVE_KEYCTL_GET_PERSISTENT'):
+ krb5_keyutils_dep = ' keyutils'
+
HEIMDAL_LIBRARY('krb5', KRB5_SOURCE,
version_script='lib/krb5/version-script.map',
includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include',
- deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO',
+ deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO' + krb5_keyutils_dep,
cflags=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(),
)
KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c', 'lib/krb5/crypto.c']
diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure
index a97a1b9baa8..36ba02d25ad 100644
--- a/third_party/heimdal_build/wscript_configure
+++ b/third_party/heimdal_build/wscript_configure
@@ -65,6 +65,8 @@ conf.DEFINE('HAVE_KRB5',1)
conf.CHECK_FUNCS('dirfd', headers='dirent.h')
conf.CHECK_DECLS('dirfd', reverse=True, headers='dirent.h')
conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='dirent.h')
+conf.CHECK_FUNCS_IN('add_key keyctl_get_persistent', 'keyutils', headers='keyutils.h')
+conf.CHECK_SIZEOF('key_serial_t', headers='keyutils.h')
heimdal_no_error_flags = ['-Wno-error=discarded-qualifiers',
'-Wno-error=cast-qual',
--
2.30.2
signature.asc
Description: PGP signature
