URL: https://github.com/freeipa/freeipa/pull/657 Author: sumit-bose Title: #657: configure: fix --disable-server with certauth plugin Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/657/head:pr657 git checkout pr657
From cb688e60671f8deeb89904d0e5852530f90e0cfc Mon Sep 17 00:00:00 2001 From: Sumit Bose <[email protected]> Date: Mon, 27 Mar 2017 12:18:53 +0200 Subject: [PATCH 1/2] configure: fix --disable-server with certauth plugin Resolves https://pagure.io/freeipa/issue/6816 --- configure.ac | 12 ++++++++++++ server.m4 | 5 ----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 7a67ec0..68340c8 100644 --- a/configure.ac +++ b/configure.ac @@ -225,6 +225,18 @@ AM_COND_IF([ENABLE_SERVER], [ ]) dnl --------------------------------------------------------------------------- +dnl - Check if IPA certauth plugin can be build +dnl --------------------------------------------------------------------------- + +AM_CONDITIONAL([BUILD_IPA_CERTAUTH_PLUGIN], + [test x$have_certauth_plugin = xyes -a x"$SSSCERTMAP_LIBS" != x]) +AM_COND_IF([BUILD_IPA_CERTAUTH_PLUGIN], [ + AM_COND_IF([ENABLE_SERVER], + [AC_MSG_NOTICE([Build IPA KDB certauth plugin])], + [AC_MSG_WARN([Cannot build IPA KDB certauth plugin])]) +]) + +dnl --------------------------------------------------------------------------- dnl - Check for program paths dnl --------------------------------------------------------------------------- AC_PATH_PROG(UNLINK, unlink, [AC_MSG_ERROR([unlink not found])]) diff --git a/server.m4 b/server.m4 index 7b2e94d..a4c9919 100644 --- a/server.m4 +++ b/server.m4 @@ -37,11 +37,6 @@ PKG_CHECK_EXISTS([sss_certmap], AC_CHECK_HEADER([krb5/certauth_plugin.h], [have_certauth_plugin=yes], [have_certauth_plugin=no]) -AM_CONDITIONAL([BUILD_IPA_CERTAUTH_PLUGIN], - [test x$have_certauth_plugin = xyes -a x"$SSSCERTMAP_LIBS" != x]) -AM_COND_IF([BUILD_IPA_CERTAUTH_PLUGIN], - [AC_MSG_NOTICE([Build IPA KDB certauth plugin])], - [AC_MSG_WARN([Cannot build IPA KDB certauth plugin])]) dnl --------------------------------------------------------------------------- dnl - Check for KRB5 krad From 3b4f9f382bf31a192cf2721d9a1e8423573f833b Mon Sep 17 00:00:00 2001 From: Sumit Bose <[email protected]> Date: Mon, 27 Mar 2017 13:19:57 +0200 Subject: [PATCH 2/2] ipa-kdb: do not depend on certauth_plugin.h Related to https://pagure.io/freeipa/issue/4905 --- configure.ac | 2 ++ daemons/ipa-kdb/ipa_kdb.c | 2 ++ daemons/ipa-kdb/ipa_kdb.h | 8 ++++++++ 3 files changed, 12 insertions(+) diff --git a/configure.ac b/configure.ac index 68340c8..f5c5270 100644 --- a/configure.ac +++ b/configure.ac @@ -231,6 +231,8 @@ dnl --------------------------------------------------------------------------- AM_CONDITIONAL([BUILD_IPA_CERTAUTH_PLUGIN], [test x$have_certauth_plugin = xyes -a x"$SSSCERTMAP_LIBS" != x]) AM_COND_IF([BUILD_IPA_CERTAUTH_PLUGIN], [ + AC_DEFINE([HAVE_KRB5_CERTAUTH_PLUGIN], [1], + [MIT Kerberos version supports certauth plugin]) AM_COND_IF([ENABLE_SERVER], [AC_MSG_NOTICE([Build IPA KDB certauth plugin])], [AC_MSG_WARN([Cannot build IPA KDB certauth plugin])]) diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index a961e4e..050bfc9 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -67,7 +67,9 @@ static void ipadb_context_free(krb5_context kcontext, } free(cfg->authz_data); +#ifdef HAVE_KRB5_CERTAUTH_PLUGIN ipa_certauth_free_moddata(&((*ctx)->certauth_moddata)); +#endif free(*ctx); *ctx = NULL; diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index 632c197..72573a6 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -30,6 +30,8 @@ * filtering purposes */ #define SECURID 1 +#include "config.h" + #include <errno.h> #include <kdb.h> #include <ldap.h> @@ -40,7 +42,9 @@ #include <arpa/inet.h> #include <endian.h> #include <unistd.h> +#ifdef HAVE_KRB5_CERTAUTH_PLUGIN #include <krb5/certauth_plugin.h> +#endif #include "ipa_krb5.h" #include "ipa_pwd.h" @@ -112,7 +116,9 @@ struct ipadb_context { krb5_key_salt_tuple *def_encs; int n_def_encs; struct ipadb_mspac *mspac; +#ifdef HAVE_KRB5_CERTAUTH_PLUGIN krb5_certauth_moddata certauth_moddata; +#endif /* Don't access this directly, use ipadb_get_global_config(). */ struct ipadb_global_config config; @@ -334,5 +340,7 @@ int ipadb_get_enc_salt_types(struct ipadb_context *ipactx, LDAPMessage *entry, char *attr, krb5_key_salt_tuple **enc_salt_types, int *n_enc_salt_types); +#ifdef HAVE_KRB5_CERTAUTH_PLUGIN /* CERTAUTH PLUGIN */ void ipa_certauth_free_moddata(krb5_certauth_moddata *moddata); +#endif
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
