From 8daa83a594a2e98f39d764422bfbdbc62c9efd44 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:20:00 +0200 Subject: Adding upstream version 2:4.20.0+dfsg. Signed-off-by: Daniel Baumann --- third_party/heimdal_build/asn1_compile_wrapper.sh | 59 ++ third_party/heimdal_build/asn1parse.h | 1 + third_party/heimdal_build/config.h | 69 ++ third_party/heimdal_build/crypto-headers.h | 19 + third_party/heimdal_build/et_compile_wrapper.sh | 54 + third_party/heimdal_build/gssapi-glue.c | 32 + third_party/heimdal_build/hdb-glue.c | 29 + third_party/heimdal_build/ifaddrs.hin | 1 + third_party/heimdal_build/include/krb5-types.h | 56 + third_party/heimdal_build/kafs.h | 32 + third_party/heimdal_build/krb5-glue.c | 27 + third_party/heimdal_build/krb5/kdc-plugin.h | 1 + third_party/heimdal_build/parse.h | 1 + third_party/heimdal_build/perl_path_wrapper.sh | 7 + third_party/heimdal_build/print_version.h | 1 + third_party/heimdal_build/replace.c | 94 ++ third_party/heimdal_build/roken.h | 170 +++ third_party/heimdal_build/sel-gram.h | 1 + third_party/heimdal_build/version.c | 27 + third_party/heimdal_build/vis.h | 15 + third_party/heimdal_build/wscript_build | 1148 +++++++++++++++++++++ third_party/heimdal_build/wscript_configure | 220 ++++ 22 files changed, 2064 insertions(+) create mode 100755 third_party/heimdal_build/asn1_compile_wrapper.sh create mode 100644 third_party/heimdal_build/asn1parse.h create mode 100644 third_party/heimdal_build/config.h create mode 100644 third_party/heimdal_build/crypto-headers.h create mode 100755 third_party/heimdal_build/et_compile_wrapper.sh create mode 100644 third_party/heimdal_build/gssapi-glue.c create mode 100644 third_party/heimdal_build/hdb-glue.c create mode 100644 third_party/heimdal_build/ifaddrs.hin create mode 100644 third_party/heimdal_build/include/krb5-types.h create mode 100644 third_party/heimdal_build/kafs.h create mode 100644 third_party/heimdal_build/krb5-glue.c create mode 100644 third_party/heimdal_build/krb5/kdc-plugin.h create mode 100644 third_party/heimdal_build/parse.h create mode 100755 third_party/heimdal_build/perl_path_wrapper.sh create mode 100644 third_party/heimdal_build/print_version.h create mode 100644 third_party/heimdal_build/replace.c create mode 100644 third_party/heimdal_build/roken.h create mode 100644 third_party/heimdal_build/sel-gram.h create mode 100644 third_party/heimdal_build/version.c create mode 100644 third_party/heimdal_build/vis.h create mode 100644 third_party/heimdal_build/wscript_build create mode 100644 third_party/heimdal_build/wscript_configure (limited to 'third_party/heimdal_build') diff --git a/third_party/heimdal_build/asn1_compile_wrapper.sh b/third_party/heimdal_build/asn1_compile_wrapper.sh new file mode 100755 index 0000000..c449bf8 --- /dev/null +++ b/third_party/heimdal_build/asn1_compile_wrapper.sh @@ -0,0 +1,59 @@ +#!/bin/sh +# + +SELF=$0 +SELFDIR=`dirname ${SELF}` + +BUILDDIR=$1 +DESTDIR=$2 + +CMD=$3 +FILE=$4 +NAME=$5 +shift 5 +OPTIONS="$@" + +test -z "${BUILDDIR}" && { + echo "${SELF}:BUILDDIR: '${BUILDDIR}'" >&2; + exit 1; +} + +test -z "${DESTDIR}" && { + echo "${SELF}:DESTDIR: '${DESTDIR}'" >&2; + exit 1; +} + +test -z "${CMD}" && { + echo "${SELF}:CMD: '${CMD}'" >&2; + exit 1; +} + +test -z "${FILE}" && { + echo "${SELF}:FILE: '${FILE}'" >&2; + exit 1; +} + +test -z "${NAME}" && { + echo "${SELF}:NAME: '${NAME}'" >&2; + exit 1; +} + +CURDIR=`pwd` + +cd ${BUILDDIR} && { + ABS_BUILDDIR=`pwd` + cd ${CURDIR} +} || { + echo "${SELF}:cannot cd into '${BUILDDIR}'" >&2; + exit 1; +} + +cd ${DESTDIR} && { + ${ABS_BUILDDIR}/${CMD} ${OPTIONS} ${FILE} ${NAME} >&2 || exit 1; + cd ${CURDIR} +} || { + echo "${SELF}:cannot cd into '${BUILDDIR}'" >&2; + exit 1; +} + +exit 0; diff --git a/third_party/heimdal_build/asn1parse.h b/third_party/heimdal_build/asn1parse.h new file mode 100644 index 0000000..9e43df3 --- /dev/null +++ b/third_party/heimdal_build/asn1parse.h @@ -0,0 +1 @@ +#include "asn1parse.tab.h" diff --git a/third_party/heimdal_build/config.h b/third_party/heimdal_build/config.h new file mode 100644 index 0000000..7a43970 --- /dev/null +++ b/third_party/heimdal_build/config.h @@ -0,0 +1,69 @@ +/* + this is a replacement config.h for building the heimdal parts of the + Samba source tree +*/ + +#ifndef HAVE_HEIMDAL_CONFIG_H +#define HAVE_HEIMDAL_CONFIG_H + +#include "include/config.h" +#include "../replace/replace.h" +#include "../lib/util/attr.h" + +#define VERSIONLIST {"Lorikeet-Heimdal, Modified for Samba4"} + +#define VERSION "Samba" + +#define PACKAGE VERSION +#define PACKAGE_BUGREPORT "https://bugzilla.samba.org/" +#define PACKAGE_VERSION VERSION + +#define RCSID(msg) struct __rcsid { int __rcsdi; } +#define KRB5 + +/* This needs to be defined for roken too */ +#ifdef VOID_RETSIGTYPE +#define SIGRETURN(x) return +#else +#define SIGRETURN(x) return (RETSIGTYPE)(x) +#endif + +#define HDB_DB_DIR "" + +#undef HAVE_KRB5_ENCRYPT_BLOCK + +/* Because it can't be defined in roken.h */ +#ifndef USE_HCRYPTO_IMATH +#define USE_HCRYPTO_IMATH +#endif + +/*Workaround for heimdal define vs samba define*/ +#if defined(HAVE_LIBINTL_H) && defined(HAVE_BINDTEXTDOMAIN) &&\ + defined(HAVE_TEXTDOMAIN) +#define LIBINTL +#endif + +/* heimdal now wants some atomic ops - ask for the non-atomic ones for Samba */ +#define HEIM_BASE_NON_ATOMIC 1 + +/* lib/replace provides an XSI Compatible strerror_r so use that */ +#define STRERROR_R_PROTO_COMPATIBLE + +/* lib/replace provides a closefrom */ +#ifndef HAVE_CLOSEFROM +#define HAVE_CLOSEFROM 1 +#endif + +/* lib/replace provides a getprogname */ +#ifndef HAVE_GETPROGNAME +#define HAVE_GETPROGNAME 1 +#endif + +/* lib/replace provides a strsep */ +#ifndef HAVE_STRSEP +#define HAVE_STRSEP 1 +#endif + +#define HEIM_FALLTHROUGH FALL_THROUGH + +#endif diff --git a/third_party/heimdal_build/crypto-headers.h b/third_party/heimdal_build/crypto-headers.h new file mode 100644 index 0000000..6220498 --- /dev/null +++ b/third_party/heimdal_build/crypto-headers.h @@ -0,0 +1,19 @@ +#ifndef __crypto_headers_h__ +#define __crypto_headers_h__ +#ifdef KRB5 +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif /* __crypto_headers_h__ */ diff --git a/third_party/heimdal_build/et_compile_wrapper.sh b/third_party/heimdal_build/et_compile_wrapper.sh new file mode 100755 index 0000000..939b434 --- /dev/null +++ b/third_party/heimdal_build/et_compile_wrapper.sh @@ -0,0 +1,54 @@ +#!/bin/sh +# + +SELF="$0" +SELFDIR=`dirname "${SELF}"` + +DESTDIR="$1" +CMD="$2" +FILE="$3" +SOURCE="$4" +shift 4 + +test -z "${DESTDIR}" && { + echo "${SELF}:DESTDIR: '${DESTDIR}'" >&2; + exit 1; +} + +test -z "${CMD}" && { + echo "${SELF}:CMD: '${CMD}'" >&2; + exit 1; +} + +test -z "${FILE}" && { + echo "${SELF}:FILE: '${FILE}'" >&2; + exit 1; +} + +test -z "${SOURCE}" && { + echo "${SELF}:SOURCE: '${SOURCE}'" >&2; + exit 1; +} + +CURDIR="`pwd`" + +cd "${DESTDIR}" && { + # Remove older copies beforehand - MIT's compile_et uses odd permissions for these + # files, which makes Heimdal's compile_et fail mysteriously when writing to them. + rm -f `basename "${FILE}" .et`.c + rm -f `basename "${FILE}" .et`.h + "${CMD}" "${FILE}" >&2 || exit 1; + cd "${CURDIR}" + TMP="${SOURCE}.$$" + mv "${SOURCE}" "${TMP}" && { + echo "#include \"config.h\"" > "${SOURCE}" && { + cat "${TMP}" >> "${SOURCE}" + } + } + rm -f "${TMP}" +} || { + echo "${SELF}:cannot cd into '${DESTDIR}'" >&2; + exit 1; +} + +exit 0; diff --git a/third_party/heimdal_build/gssapi-glue.c b/third_party/heimdal_build/gssapi-glue.c new file mode 100644 index 0000000..3e30247 --- /dev/null +++ b/third_party/heimdal_build/gssapi-glue.c @@ -0,0 +1,32 @@ +/* + Unix SMB/CIFS implementation. + + provide glue functions between heimdal and samba + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "../replace/replace.h" +#include "../heimdal/lib/gssapi/gssapi_mech.h" + +gssapi_mech_interface __gss_ntlm_initialize(void) +{ + return NULL; +} +gssapi_mech_interface __gss_sanon_initialize(void) +{ + return NULL; +} diff --git a/third_party/heimdal_build/hdb-glue.c b/third_party/heimdal_build/hdb-glue.c new file mode 100644 index 0000000..405874f --- /dev/null +++ b/third_party/heimdal_build/hdb-glue.c @@ -0,0 +1,29 @@ +/* + Unix SMB/CIFS implementation. + + provide glue functions between heimdal and samba + + Copyright (C) Andrew Bartlett 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "../heimdal/lib/hdb/hdb_locl.h" + +krb5_error_code +hdb_sqlite_create(krb5_context context, HDB **db, const char *argument) +{ + return EINVAL; +} + diff --git a/third_party/heimdal_build/ifaddrs.hin b/third_party/heimdal_build/ifaddrs.hin new file mode 100644 index 0000000..a50b033 --- /dev/null +++ b/third_party/heimdal_build/ifaddrs.hin @@ -0,0 +1 @@ +#include "system/network.h" diff --git a/third_party/heimdal_build/include/krb5-types.h b/third_party/heimdal_build/include/krb5-types.h new file mode 100644 index 0000000..62a54dd --- /dev/null +++ b/third_party/heimdal_build/include/krb5-types.h @@ -0,0 +1,56 @@ +/* krb5-types.h -- this file was generated for i686-pc-linux-gnu by + $Id: bits.c,v 1.23 2005/01/05 15:22:02 lha Exp $ */ + +#ifndef __samba_krb5_types_h__ +#define __samba_krb5_types_h__ + +#include "replace.h" +#include "system/network.h" +#include "lib/util/attr.h" + +#if defined USING_SYSTEM_KRB5 && defined HEIMDAL_KRB5_TYPES_PATH +#include HEIMDAL_KRB5_TYPES_PATH +#else +typedef socklen_t krb5_socklen_t; +typedef int krb5_socket_t; +typedef ssize_t krb5_ssize_t; +#endif + + +#ifndef HEIMDAL_DEPRECATED +#define HEIMDAL_DEPRECATED _DEPRECATED_ +#endif + +#ifndef HEIMDAL_PRINTF_ATTRIBUTE +#ifdef HAVE_ATTRIBUTE_PRINTF +#define HEIMDAL_PRINTF_ATTRIBUTE(x) __attribute__((format x)) +#else +#define HEIMDAL_PRINTF_ATTRIBUTE(x) +#endif +#endif + +#ifndef HEIMDAL_NORETURN_ATTRIBUTE +#ifdef HAVE___ATTRIBUTE__ +#define HEIMDAL_NORETURN_ATTRIBUTE __attribute__((noreturn)) +#else +#define HEIMDAL_NORETURN_ATTRIBUTE +#endif +#endif + +#ifndef HEIMDAL_UNUSED_ATTRIBUTE +#ifdef HAVE___ATTRIBUTE__ +#define HEIMDAL_UNUSED_ATTRIBUTE __attribute__((unused)) +#else +#define HEIMDAL_UNUSED_ATTRIBUTE +#endif +#endif + +#ifndef HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE +#ifdef HAVE___ATTRIBUTE__ +#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE _WARN_UNUSED_RESULT_ +#else +#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE +#endif +#endif + +#endif /* __samb_krb5_types_h__ */ diff --git a/third_party/heimdal_build/kafs.h b/third_party/heimdal_build/kafs.h new file mode 100644 index 0000000..bf2e028 --- /dev/null +++ b/third_party/heimdal_build/kafs.h @@ -0,0 +1,32 @@ +int k_hasafs (void); + +int k_hasafs (void) { + return 0; +}; + +int krb_afslog (const char *cell, const char *realm); + +int krb_afslog (const char *cell, const char *realm) { + return 0; +}; +int k_unlog (void); + +int k_unlog (void) { + return 0; +}; +int k_setpag (void); + +int k_setpag (void) { + return 0; +}; +krb5_error_code krb5_afslog (krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm); + +krb5_error_code krb5_afslog (krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm) { + return 0; +}; diff --git a/third_party/heimdal_build/krb5-glue.c b/third_party/heimdal_build/krb5-glue.c new file mode 100644 index 0000000..b2143ac --- /dev/null +++ b/third_party/heimdal_build/krb5-glue.c @@ -0,0 +1,27 @@ +/* + Unix SMB/CIFS implementation. + + provide glue functions between heimdal and samba + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "../heimdal/lib/krb5/krb5_locl.h" + +const krb5_cc_ops krb5_scc_ops = { + .version = KRB5_CC_OPS_VERSION_2, + .prefix = "_NOTSUPPORTED_SDB", +}; diff --git a/third_party/heimdal_build/krb5/kdc-plugin.h b/third_party/heimdal_build/krb5/kdc-plugin.h new file mode 100644 index 0000000..1b99a8d --- /dev/null +++ b/third_party/heimdal_build/krb5/kdc-plugin.h @@ -0,0 +1 @@ +#include "../../heimdal/kdc/kdc-plugin.h" diff --git a/third_party/heimdal_build/parse.h b/third_party/heimdal_build/parse.h new file mode 100644 index 0000000..1456fe0 --- /dev/null +++ b/third_party/heimdal_build/parse.h @@ -0,0 +1 @@ +#include "parse.tab.h" diff --git a/third_party/heimdal_build/perl_path_wrapper.sh b/third_party/heimdal_build/perl_path_wrapper.sh new file mode 100755 index 0000000..f739171 --- /dev/null +++ b/third_party/heimdal_build/perl_path_wrapper.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# + +SELF=$0 +DIR=`dirname $SELF` + +$PERL $DIR/$@ diff --git a/third_party/heimdal_build/print_version.h b/third_party/heimdal_build/print_version.h new file mode 100644 index 0000000..e4790c5 --- /dev/null +++ b/third_party/heimdal_build/print_version.h @@ -0,0 +1 @@ +/* this should be empty */ diff --git a/third_party/heimdal_build/replace.c b/third_party/heimdal_build/replace.c new file mode 100644 index 0000000..3e43f3f --- /dev/null +++ b/third_party/heimdal_build/replace.c @@ -0,0 +1,94 @@ +/* + Unix SMB/CIFS implementation. + + some replacement functions for parts of roken that don't fit easily into + our build system + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "config.h" +#include "err.h" +#include "roken.h" +#include "system/filesys.h" + +#ifndef HAVE_ERR + void err(int eval, const char *format, ...) +{ + va_list ap; + va_start(ap, format); + vfprintf(stderr, format, ap); + perror(""); + va_end(ap); + exit(eval); +} +#endif + +#ifndef HAVE_ERRX + void errx(int eval, const char *format, ...) +{ + va_list ap; + va_start(ap, format); + vfprintf(stderr, format, ap); + va_end(ap); + exit(eval); +} +#endif + +#ifndef HAVE_WARNX + void warnx(const char *format, ...) +{ + va_list ap; + va_start(ap, format); + vfprintf(stderr, format, ap); + va_end(ap); +} +#endif + +#ifndef HAVE_FLOCK + int flock(int fd, int op) +{ +#undef flock + struct flock lock; + lock.l_whence = 0; + lock.l_start = 0; + lock.l_len = 0; + lock.l_pid = 0; + + switch (op & (LOCK_UN|LOCK_SH|LOCK_EX)) { + case LOCK_UN: + lock.l_type = F_UNLCK; + return fcntl(fd, F_SETLK, &lock); + case LOCK_SH: + lock.l_type = F_RDLCK; + return fcntl(fd, (op&LOCK_NB)?F_SETLK:F_SETLKW, &lock); + case LOCK_EX: + lock.l_type = F_WRLCK; + return fcntl(fd, (op&LOCK_NB)?F_SETLK:F_SETLKW, &lock); + } + errno = EINVAL; + return -1; +} +#endif + +#ifndef HAVE_SETPROGNAME + +/* We don't want to use a setprogname reimplementation */ +void setprogname(const char *argv0) +{ +} + +#endif /* HAVE_SETPROGNAME */ diff --git a/third_party/heimdal_build/roken.h b/third_party/heimdal_build/roken.h new file mode 100644 index 0000000..3870609 --- /dev/null +++ b/third_party/heimdal_build/roken.h @@ -0,0 +1,170 @@ +/* + a wrapper to override some of the defines that the heimdal roken system looks at + */ +#ifndef _ROKEN_H_ +#define _ROKEN_H_ + +#include "config.h" + +/* path to sysconf - should we force this to samba LIBDIR ? */ +#define SYSCONFDIR "/etc" + +#define rk_PATH_DELIM '/' + +#define HEIMDAL_LOCALEDIR "/usr/heimdal/locale" + +/* Maximum values on all known systems */ +#define MaxHostNameLen (64+4) +#define MaxPathLen (1024+4) + +/* We want PKINIT */ +#define PKINIT 1 + +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#define ROKEN_LIB_VARIABLE +#define GETHOSTBYADDR_PROTO_COMPATIBLE +#define GETSERVBYNAME_PROTO_COMPATIBLE +#define OPENLOG_PROTO_COMPATIBLE +#define GETSOCKNAME_PROTO_COMPATIBLE + +/* even if we do have dlopen, we don't want heimdal using it */ +#undef HAVE_DLOPEN + +/* even if we have LMDB, we don't want heimdal using it */ +#undef HAVE_LMDB + +/* we need to tell roken about the functions that Samba replaces in lib/replace */ +#ifndef HAVE_SETEUID +#define HAVE_SETEUID 1 +#endif + +#ifndef HAVE_STRNLEN +#define HAVE_STRNLEN +#endif + +#ifndef HAVE_STRNDUP +#define HAVE_STRNDUP +#endif + +#ifndef HAVE_STRLCPY +#define HAVE_STRLCPY +#endif + +#ifndef HAVE_STRLCAT +#define HAVE_STRLCAT +#endif + +#ifndef HAVE_STRCASECMP +#define HAVE_STRCASECMP +#endif + +#ifndef HAVE_ASPRINTF +#define HAVE_ASPRINTF +#endif + +#ifndef HAVE_VASPRINTF +#define HAVE_VASPRINTF +#endif + +#ifndef HAVE_MKSTEMP +#define HAVE_MKSTEMP +#endif + +#ifndef HAVE_SETENV +#define HAVE_SETENV +#endif + +#ifndef HAVE_UNSETENV +#define HAVE_UNSETENV +#endif + +#ifndef HAVE_VSYSLOG +#define HAVE_VSYSLOG +#endif + +#ifndef HAVE_SSIZE_T +#define HAVE_SSIZE_T +#endif + +#ifndef HAVE_STRPTIME +#define HAVE_STRPTIME +#endif + +#ifndef HAVE_TIMEGM +#define HAVE_TIMEGM +#endif + +#ifndef HAVE_INNETGR +#define HAVE_INNETGR +#endif + +#ifndef HAVE_INET_ATON +#define HAVE_INET_ATON +#endif + +#ifndef HAVE_INET_NTOP +#define HAVE_INET_NTOP +#endif + +#ifndef HAVE_INET_PTON +#define HAVE_INET_PTON +#endif + +#ifndef HAVE_GETTIMEOFDAY +#define HAVE_GETTIMEOFDAY +#endif + +#ifndef HAVE_SETEGID +#define HAVE_SETEGID +#endif + +#ifndef HAVE_SETEUID +#define HAVE_SETEUID +#endif + +#ifndef HAVE_MEMSET_S +#define HAVE_MEMSET_S +#endif + +#ifndef HAVE_DIRFD +#ifdef HAVE_DIR_DD_FD +#define dirfd(x) ((x)->dd_fd) +#else +#define dirfd(d) (-1) +#endif +#define HAVE_DIRFD 1 +#endif + + +/* we lie about having pidfile() so that NetBSD5 can compile. Nothing + in the parts of heimdal we use actually uses pidfile(), and we + don't use it in Samba, so this works, although its ugly */ +#ifndef HAVE_PIDFILE +#define HAVE_PIDFILE +#endif + +#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 ) +#ifndef HAVE___ATTRIBUTE__ +#define HAVE___ATTRIBUTE__ +#endif +#endif + +#include "system/network.h" + +/* + * we don't want that roken.h.in includes socket_wrapper + * we include socket_wrapper via "system/network.h" + */ +#undef SOCKET_WRAPPER_REPLACE +#include "../heimdal/lib/roken/roken.h.in" + +extern const char *const heimdal_version; +extern const char *const heimdal_long_version; + +/* we do not want any __APPLE__ magic */ +#ifdef __APPLE__ +#undef __APPLE__ +#endif + +#endif diff --git a/third_party/heimdal_build/sel-gram.h b/third_party/heimdal_build/sel-gram.h new file mode 100644 index 0000000..bae5fc0 --- /dev/null +++ b/third_party/heimdal_build/sel-gram.h @@ -0,0 +1 @@ +#include "sel-gram.tab.h" diff --git a/third_party/heimdal_build/version.c b/third_party/heimdal_build/version.c new file mode 100644 index 0000000..8cceff1 --- /dev/null +++ b/third_party/heimdal_build/version.c @@ -0,0 +1,27 @@ +/* + Unix SMB/CIFS implementation. + + some replacement functions for parts of roken that don't fit easily into + our build system + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "config.h" + +const char *heimdal_version = "samba-internal-heimdal"; +const char *heimdal_long_version = "samba-interal-heimdal"; + diff --git a/third_party/heimdal_build/vis.h b/third_party/heimdal_build/vis.h new file mode 100644 index 0000000..b6e6f6b --- /dev/null +++ b/third_party/heimdal_build/vis.h @@ -0,0 +1,15 @@ +#ifndef _HEIMDAL_BUILD_VIS_H +#define _HEIMDAL_BUILD_VIS_H + +#include "system/locale.h" + +#ifndef __BEGIN_DECLS +#define __BEGIN_DECLS +#endif + +#ifndef __END_DECLS +#define __END_DECLS +#endif + +#include "../heimdal/lib/roken/vis.hin" +#endif diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build new file mode 100644 index 0000000..59fb275 --- /dev/null +++ b/third_party/heimdal_build/wscript_build @@ -0,0 +1,1148 @@ +#!/usr/bin/env python + +import os +from samba_utils import SET_TARGET_TYPE +from samba_autoconf import CURRENT_CFLAGS +from samba_utils import LOAD_ENVIRONMENT, TO_LIST + +def heimdal_path(p, absolute=False): + hpath = os.path.join("../heimdal", p) + if not absolute: + return hpath + return os.path.normpath(os.path.join(bld.path.abspath(), hpath)) + +def heimdal_paths(ps): + return [heimdal_path(p) for p in TO_LIST(ps)] + +# waf build tool for building .et files with compile_et +def HEIMDAL_ASN1(name, source, + options='', + directory='', + option_file=None, + includes='', + template=True): + '''Build a ASN1 file using the asn1 compiler. + This will produce 2 output files''' + source = heimdal_path(source) + bname = os.path.basename(source)[0:-5] + dname = os.path.dirname(source) + asn1name = "%s_asn1" % bname + + if option_file: + option_file = heimdal_path(option_file) + + if not SET_TARGET_TYPE(bld, name, 'ASN1'): + return + + # for ASN1 compilation, I always put it in build_source, as it doesn't make + # sense elsewhere + bld.set_group('build_source') + + out_files = heimdal_paths([ + "%s/asn1_%s_asn1.c" % (directory, bname), + "%s/%s_asn1.h" % (directory, bname), + "%s/%s_asn1-priv.h" % (directory, bname), + "%s/%s_asn1_oids.c" % (directory, bname), + ]) + + # the ${TGT[0].parent.abspath(env)} expression gives us the parent directory of + # the first target in the build directory + # SRC[0].abspath(env) gives the absolute path to the source directory for the first + # source file. Note that in the case of a option_file, we have more than + # one source file + cd_rule = 'cd "${TGT[0].parent.abspath(env)}" &&' + env = LOAD_ENVIRONMENT() + if env.ADDRESS_SANITIZER: + # If address sanitizer is enabled, we need to suppress leak checking + # in the asn1 tool. + no_leak_check = " ASAN_OPTIONS=detect_leaks=0" + else: + no_leak_check = "" + + if template: + template_str = " --template " + else: + template_str = "" + + asn1_rule = cd_rule + \ + no_leak_check + \ + ' "${ASN1_COMPILE}" ${OPTION_FILE} ${ASN1OPTIONS} ' \ + + template_str \ + + ' --one-code-file "${SRC[0].abspath(env)}" ${ASN1NAME}' + + source = TO_LIST(source) + + if option_file is not None: + source.append(option_file) + + deps = '' + if not bld.CONFIG_SET('USING_SYSTEM_ASN1_COMPILE'): + deps = 'asn1_compile' + + t = bld(rule=asn1_rule, + ext_out = '.c', + before = 'c', + update_outputs = True, + shell = True, + source = source, + target = out_files, + depends_on = deps, + name=name + '_ASN1') + + t.env.ASN1NAME = asn1name + t.env.ASN1OPTIONS = options + t.env.BLDBIN = os.path.normpath(os.path.join(bld.srcnode.abspath(bld.env), '..')) + if option_file is not None: + t.env.OPTION_FILE = "--option-file='%s'" % \ + os.path.normpath(os.path.join(bld.path.abspath(), option_file)) + + cfile = out_files[0] + hfile = out_files[1] + hpriv = out_files[2] + + bld.set_group('main') + + includes = TO_LIST(includes) + includes.append(os.path.dirname(out_files[0])) + + cflags=[] + if not template: + cflags = bld.env.HEIMDAL_UNPICKY_WNO_FREE_NOHEAP_OBJECT_CFLAGS + + t = bld(features = 'c', + source = cfile, + target = name, + samba_cflags = CURRENT_CFLAGS(bld, name, cflags), + depends_on = '', + samba_deps = TO_LIST('roken replace heimbase ' + 'HEIMDAL_HEIM_ASN1'), + samba_includes = includes, + local_include = True) + + +def HEIMDAL_ERRTABLE(name, source): + '''Build a heimdal errtable from a .et file''' + + source = heimdal_path(source) + + bname = source[0:-3] # strip off the .et suffix + + if not SET_TARGET_TYPE(bld, name, 'ET'): + return + + bld.set_group('hostcc_build_source') + + out_files = [] + out_files.append('%s.c' % bname) + out_files.append('%s.h' % bname) + + sources = [source, 'et_compile_wrapper.sh'] + + deps = '' + if not bld.CONFIG_SET('USING_SYSTEM_COMPILE_ET'): + deps = 'compile_et' + + t = bld(rule='"${SRC[1].abspath(env)}" "${TGT[0].parent.abspath(env)}" "${COMPILE_ET}" "${SRC[0].abspath(env)}" ${TGT[0].bldpath(env)}', + ext_out = '.c', + before = 'c', + update_outputs = True, + shell = True, + source = sources, + target = out_files, + depends_on = deps, + name = name) + +def HEIMDAL_AUTOPROTO(header, source, options=None, group='prototypes'): + '''rule for heimdal prototype generation''' + header = heimdal_path(header) + bld.set_group(group) + if options is None: + options='-q -P comment -o' + SET_TARGET_TYPE(bld, header, 'PROTOTYPE') + source = heimdal_paths(source) + t = bld(rule='${PERL} "${HEIMDAL}/cf/make-proto.pl" ${OPTIONS} "${TGT[0].abspath(env)}" ${SRC}', + source=source, + target=header, + update_outputs=True, + ext_out='.c', + before='c') + t.env.HEIMDAL = os.path.join(bld.srcnode.abspath(), 'third_party/heimdal') + t.env.OPTIONS = options + + +def HEIMDAL_AUTOPROTO_PRIVATE(header, source): + '''rule for private heimdal prototype generation''' + HEIMDAL_AUTOPROTO(header, source, options='-q -P comment -p') + + +def HEIMDAL_GENERATOR(name, rule, source='', target='', + group='generators'): + '''A generic source generator target''' + + if not SET_TARGET_TYPE(bld, name, 'GENERATOR'): + return + + bld.set_group(group) + return bld( + rule=rule, + source=source, + target=target, + shell=isinstance(rule, str), + update_outputs=True, + before='c', + ext_out='.c', + vars=[rule], + samba_type='GENERATOR', + name=name) + + +def HEIMDAL_LIBRARY(libname, source, deps, version_script=None, includes='', cflags=''): + '''define a Heimdal library''' + + cflags, cflags_end, allow_warnings = HEIMDAL_CFLAGS(use_hostcc=False, + extra_cflags=cflags) + source = heimdal_paths(source) + if version_script is not None: + orig_vscript_map = heimdal_path(version_script, absolute=False) + else: + orig_vscript_map = None + bld.SAMBA_LIBRARY(libname, source, + deps=deps, + includes=includes, + cflags=cflags, + cflags_end=cflags_end, + allow_warnings=allow_warnings, + private_library=True, + orig_vscript_map=orig_vscript_map) + +def HEIMDAL_CFLAGS(use_hostcc=False, extra_cflags=[]): + cflags_unpicky=[] + + if bld.env.allow_heimdal_warnings: + cflags_unpicky += bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS + cflags_unpicky += bld.env.HEIMDAL_UNPICKY_WNO_MAYBE_UNINITIALIZED_CFLAGS + # old compilers on centos7 or ubuntu1604 need this + + allow_warnings = bld.env.allow_heimdal_warnings + cflags_picky = bld.env.HEIMDAL_NO_ERROR_CFLAGS + extra_cflags=TO_LIST(extra_cflags) + + cflags = '' + cflags_end = cflags_picky + cflags_unpicky + extra_cflags + return (cflags, cflags_end, allow_warnings) + +def HEIMDAL_SUBSYSTEM(modname, source, + deps='', + includes='', + cflags='', + group='main', + use_hostcc=False, + use_global_deps=True): + '''define a Heimdal subsystem''' + + cflags, cflags_end, allow_warnings = HEIMDAL_CFLAGS(use_hostcc=use_hostcc, + extra_cflags=cflags) + source = heimdal_paths(source) + + bld.SAMBA_SUBSYSTEM(modname, + source = source, + deps = deps, + includes = includes, + cflags = cflags, + cflags_end = cflags_end, + allow_warnings = allow_warnings, + group = group, + use_hostcc = use_hostcc, + use_global_deps= use_global_deps) + +def HEIMDAL_BINARY(binname, source, + deps='', + includes='', + cflags='', + use_hostcc=False, + use_global_deps=True, + compiler=None, + group='main', + install=True, + install_path=None): + '''define a Samba binary''' + + cflags, cflags_end, allow_warnings = HEIMDAL_CFLAGS(use_hostcc=use_hostcc, + extra_cflags=cflags) + source = heimdal_paths(source) + + obj_target = binname + '.heimdal.objlist' + + HEIMDAL_SUBSYSTEM(obj_target, + source = source, + deps = deps, + includes = includes, + cflags = cflags, + group = group, + use_hostcc = use_hostcc, + use_global_deps= use_global_deps) + + bld.SAMBA_BINARY(binname, + source = '', + deps = obj_target, + includes = includes, + cflags = cflags, + cflags_end = cflags_end, + allow_warnings = allow_warnings, + group = group, + use_hostcc = use_hostcc, + use_global_deps= use_global_deps, + install_path = None, + install = install) + + +if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'): + + if not bld.CONFIG_SET('HAVE_IFADDRS_H'): + HEIMDAL_GENERATOR( + name="HEIMDAL_IFADDRS_H", + rule="rm -f ${TGT} && ln ${SRC} ${TGT}", + source = 'ifaddrs.hin', + target = 'ifaddrs.h', + ) + + if not bld.CONFIG_SET('HAVE_ERR_H'): + HEIMDAL_GENERATOR( + group='hostcc_base_build_source', + name="HEIMDAL_ERR_H", + rule="rm -f ${TGT} && ln ${SRC} ${TGT}", + source = '../heimdal/lib/roken/err.hin', + target = '../heimdal/lib/roken/err.h', + ) + + ROKEN_COMMON_SOURCE = ''' + lib/roken/base64.c + lib/roken/ct.c + lib/roken/hex.c + lib/roken/bswap.c + lib/roken/dumpdata.c + lib/roken/emalloc.c + lib/roken/ecalloc.c + lib/roken/getarg.c + lib/roken/getauxval.c + lib/roken/get_window_size.c + lib/roken/getdtablesize.c + lib/roken/h_errno.c + lib/roken/issuid.c + lib/roken/net_read.c + lib/roken/net_write.c + lib/roken/parse_time.c + lib/roken/parse_units.c + lib/roken/vis.c + lib/roken/strlwr.c + lib/roken/strsep_copy.c + lib/roken/strsep.c + lib/roken/strupr.c + lib/roken/strpool.c + lib/roken/estrdup.c + lib/roken/erealloc.c + lib/roken/secure_getenv.c + lib/roken/simple_exec.c + lib/roken/strcollect.c + lib/roken/rtbl.c + lib/roken/rand.c + lib/roken/cloexec.c + lib/roken/clz.c + lib/roken/xfree.c + lib/roken/timeval.c + lib/roken/mergesort.c + lib/roken/mergesort_r.c + ../heimdal_build/replace.c + ''' + + ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE + + ROKEN_SOURCE = ROKEN_COMMON_SOURCE + ''' + lib/roken/resolve.c + lib/roken/socket.c + lib/roken/roken_gethostby.c + lib/roken/mkostemp.c + lib/roken/getuserinfo.c + ''' + + HEIMDAL_LIBRARY('roken', + ROKEN_SOURCE, + includes='../heimdal/lib/roken ../heimdal/include ../heimdal_build/include', + deps='resolv util replace', + version_script='lib/roken/version-script.map', + ) + + HEIMDAL_SUBSYSTEM('ROKEN_HOSTCC', + ROKEN_HOSTCC_SOURCE, + use_hostcc=True, + use_global_deps=False, + includes='../heimdal/lib/roken ../heimdal/include ../heimdal_build/include', + group='hostcc_base_build_main', + deps='LIBREPLACE_HOSTCC', + ) + +if not bld.CONFIG_SET("USING_SYSTEM_KDC"): + HEIMDAL_LIB_GSS_PREAUTH_SOURCE = ''' + lib/gss_preauth/pa_client.c + lib/gss_preauth/pa_common.c + ''' + + HEIMDAL_LIBRARY('gss_preauth', + source=HEIMDAL_LIB_GSS_PREAUTH_SOURCE, + includes='../heimdal/lib/gss_preauth', + deps='roken gssapi') + HEIMDAL_AUTOPROTO('lib/gss_preauth/gss-preauth-private.h', + HEIMDAL_LIB_GSS_PREAUTH_SOURCE, + options='-q -P remove -p') + HEIMDAL_AUTOPROTO('lib/gss_preauth/gss-preauth-protos.h', + HEIMDAL_LIB_GSS_PREAUTH_SOURCE, + options='-E KRB5_LIB -q -P remove -o') + + HEIMDAL_ASN1('HEIMDAL_KX509_ASN1', + 'lib/asn1/kx509.asn1', + directory='lib/asn1' + ) + HEIMDAL_ASN1('HEIMDAL_DIGEST_ASN1', + 'lib/asn1/digest.asn1', + directory='lib/asn1' + ) + + KDC_SOURCE='kdc/default_config.c kdc/fast.c kdc/kerberos5.c kdc/krb5tgs.c kdc/pkinit.c kdc/pkinit-ec.c kdc/mssfu.c kdc/log.c kdc/misc.c kdc/digest.c kdc/process.c kdc/kdc-plugin.c kdc/kx509.c kdc/gss_preauth.c' + + HEIMDAL_LIBRARY('kdc', source=KDC_SOURCE, + includes='../heimdal/kdc', + deps='roken krb5 hdb asn1 HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 heimntlm hcrypto com_err wind heimbase gssapi gss_preauth', + version_script='kdc/version-script.map') + HEIMDAL_AUTOPROTO('kdc/kdc-protos.h', KDC_SOURCE, options='-E KDC_LIB -q -P comment -o') + HEIMDAL_AUTOPROTO_PRIVATE('kdc/kdc-private.h', KDC_SOURCE) + +if not bld.CONFIG_SET("USING_SYSTEM_HEIMNTLM"): + HEIMDAL_ERRTABLE('HEIMNTLM_ET', + 'lib/ntlm/ntlm_err.et') + + HEIMNTLM_SOURCE = 'lib/ntlm/ntlm.c' + HEIMDAL_LIBRARY('heimntlm', + source=HEIMNTLM_SOURCE, + includes='../heimdal/lib/ntlm', + deps='roken hcrypto krb5', + version_script='lib/ntlm/version-script.map', + ) + HEIMDAL_AUTOPROTO('lib/ntlm/heimntlm-protos.h', HEIMNTLM_SOURCE) + +if not bld.CONFIG_SET("USING_SYSTEM_HDB"): + HEIMDAL_ASN1('HEIMDAL_HDB_ASN1', 'lib/hdb/hdb.asn1', + directory='lib/asn1', + option_file="lib/hdb/hdb.opt", + template=False, + includes='../heimdal/lib/asn1') + + HDB_KEYS_SOURCE = 'lib/hdb/keys.c' + + HEIMDAL_SUBSYSTEM('HEIMDAL_HDB_KEYS', + HDB_KEYS_SOURCE, + includes='../heimdal/lib/hdb', + deps='roken hcrypto krb5 HEIMDAL_HDB_ASN1', + ) + + HEIMDAL_ERRTABLE('HEIMDAL_HDB_ERR_ET', 'lib/hdb/hdb_err.et') + + HDB_SOURCE = '''lib/hdb/db.c lib/hdb/dbinfo.c lib/hdb/hdb.c + lib/hdb/ext.c lib/hdb/keytab.c lib/hdb/hdb-keytab.c + lib/hdb/mkey.c lib/hdb/ndbm.c lib/hdb/hdb_err.c + lib/hdb/common.c + ../heimdal_build/hdb-glue.c''' + + HEIMDAL_LIBRARY('hdb', + version_script='lib/hdb/version-script.map', + source=HDB_SOURCE, + includes='../heimdal/lib/hdb', + deps='krb5 HEIMDAL_HDB_KEYS roken hcrypto com_err HEIMDAL_HDB_ASN1 wind', + ) + HEIMDAL_AUTOPROTO('lib/hdb/hdb-protos.h', HDB_SOURCE + " " + HDB_KEYS_SOURCE) + HEIMDAL_AUTOPROTO_PRIVATE('lib/hdb/hdb-private.h', HDB_SOURCE + " " + HDB_KEYS_SOURCE) + + +if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"): + HEIMDAL_ERRTABLE('HEIMDAL_NEGOEX_ERR_ET', 'lib/gssapi/spnego/negoex_err.et') + HEIMDAL_ERRTABLE('HEIMDAL_GKRB5_ERR_ET', 'lib/gssapi/krb5/gkrb5_err.et') + + HEIMDAL_ASN1('HEIMDAL_GSSAPI_ASN1', + 'lib/gssapi/mech/gssapi.asn1', + includes='../heimdal/lib/asn1', + template=False, + directory='lib/gssapi' + ) + + HEIMDAL_ASN1('HEIMDAL_SPNEGO_ASN1', + source='lib/gssapi/spnego/spnego.asn1', + options='--sequence=MechTypeList', + includes='../heimdal/lib/asn1', + template=False, + directory='lib/gssapi' + ) + + HEIMDAL_GSSAPI_SPNEGO_SOURCE = ''' + lib/gssapi/spnego/init_sec_context.c + lib/gssapi/spnego/external.c + lib/gssapi/spnego/compat.c + lib/gssapi/spnego/context_stubs.c + lib/gssapi/spnego/context_storage.c + lib/gssapi/spnego/accept_sec_context.c + lib/gssapi/spnego/negoex_ctx.c + lib/gssapi/spnego/negoex_err.c + lib/gssapi/spnego/negoex_util.c + ''' + + HEIMDAL_AUTOPROTO_PRIVATE('lib/gssapi/spnego/spnego-private.h', + HEIMDAL_GSSAPI_SPNEGO_SOURCE) + + HEIMDAL_GSSAPI_KRB5_SOURCE = ''' + lib/gssapi/krb5/copy_ccache.c + lib/gssapi/krb5/delete_sec_context.c + lib/gssapi/krb5/duplicate_cred.c + lib/gssapi/krb5/init_sec_context.c + lib/gssapi/krb5/context_time.c + lib/gssapi/krb5/init.c + lib/gssapi/krb5/address_to_krb5addr.c + lib/gssapi/krb5/get_mic.c + lib/gssapi/krb5/inquire_context.c + lib/gssapi/krb5/add_cred.c + lib/gssapi/krb5/inquire_cred.c + lib/gssapi/krb5/inquire_cred_by_oid.c + lib/gssapi/krb5/inquire_cred_by_mech.c + lib/gssapi/krb5/inquire_mechs_for_name.c + lib/gssapi/krb5/inquire_names_for_mech.c + lib/gssapi/krb5/indicate_mechs.c + lib/gssapi/krb5/inquire_sec_context_by_oid.c + lib/gssapi/krb5/name_attrs.c + lib/gssapi/krb5/export_sec_context.c + lib/gssapi/krb5/import_sec_context.c + lib/gssapi/krb5/duplicate_name.c + lib/gssapi/krb5/import_name.c + lib/gssapi/krb5/compare_name.c + lib/gssapi/krb5/export_name.c + lib/gssapi/krb5/canonicalize_name.c + lib/gssapi/krb5/unwrap.c + lib/gssapi/krb5/wrap.c + lib/gssapi/krb5/release_name.c + lib/gssapi/krb5/cfx.c + lib/gssapi/krb5/8003.c + lib/gssapi/krb5/arcfour.c + lib/gssapi/krb5/encapsulate.c + lib/gssapi/krb5/display_name.c + lib/gssapi/krb5/sequence.c + lib/gssapi/krb5/display_status.c + lib/gssapi/krb5/release_buffer.c + lib/gssapi/krb5/external.c + lib/gssapi/krb5/compat.c + lib/gssapi/krb5/creds.c + lib/gssapi/krb5/ccache_name.c + lib/gssapi/krb5/acquire_cred.c + lib/gssapi/krb5/release_cred.c + lib/gssapi/krb5/store_cred.c + lib/gssapi/krb5/set_cred_option.c + lib/gssapi/krb5/decapsulate.c + lib/gssapi/krb5/verify_mic.c + lib/gssapi/krb5/accept_sec_context.c + lib/gssapi/krb5/set_sec_context_option.c + lib/gssapi/krb5/process_context_token.c + lib/gssapi/krb5/prf.c + lib/gssapi/krb5/aeap.c + lib/gssapi/krb5/pname_to_uid.c + lib/gssapi/krb5/authorize_localname.c + lib/gssapi/krb5/gkrb5_err.c + ''' + + HEIMDAL_AUTOPROTO_PRIVATE('lib/gssapi/krb5/gsskrb5-private.h', + HEIMDAL_GSSAPI_KRB5_SOURCE) + + HEIMDAL_GSSAPI_MECH_SOURCE = ''' + lib/gssapi/mech/cred.c + lib/gssapi/mech/context.c + lib/gssapi/mech/gss_krb5.c + lib/gssapi/mech/gss_mech_switch.c + lib/gssapi/mech/gss_process_context_token.c + lib/gssapi/mech/gss_buffer_set.c + lib/gssapi/mech/gss_aeap.c + lib/gssapi/mech/gss_add_cred.c + lib/gssapi/mech/gss_add_cred_from.c + lib/gssapi/mech/gss_acquire_cred_from.c + lib/gssapi/mech/gss_cred.c + lib/gssapi/mech/gss_store_cred_into.c + lib/gssapi/mech/gss_add_oid_set_member.c + lib/gssapi/mech/gss_compare_name.c + lib/gssapi/mech/gss_release_oid_set.c + lib/gssapi/mech/gss_create_empty_oid_set.c + lib/gssapi/mech/gss_duplicate_oid_set.c + lib/gssapi/mech/gss_decapsulate_token.c + lib/gssapi/mech/gss_inquire_cred_by_oid.c + lib/gssapi/mech/gss_canonicalize_name.c + lib/gssapi/mech/gss_inquire_sec_context_by_oid.c + lib/gssapi/mech/gss_inquire_names_for_mech.c + lib/gssapi/mech/gss_inquire_mechs_for_name.c + lib/gssapi/mech/gss_wrap_size_limit.c + lib/gssapi/mech/gss_names.c + lib/gssapi/mech/gss_verify.c + lib/gssapi/mech/gss_display_name.c + lib/gssapi/mech/gss_duplicate_oid.c + lib/gssapi/mech/gss_duplicate_cred.c + lib/gssapi/mech/gss_display_status.c + lib/gssapi/mech/gss_release_buffer.c + lib/gssapi/mech/gss_release_oid.c + lib/gssapi/mech/gss_test_oid_set_member.c + lib/gssapi/mech/gss_release_cred.c + lib/gssapi/mech/gss_set_sec_context_option.c + lib/gssapi/mech/gss_export_name.c + lib/gssapi/mech/gss_seal.c + lib/gssapi/mech/gss_acquire_cred.c + lib/gssapi/mech/gss_unseal.c + lib/gssapi/mech/gss_verify_mic.c + lib/gssapi/mech/gss_accept_sec_context.c + lib/gssapi/mech/gss_inquire_cred_by_mech.c + lib/gssapi/mech/gss_indicate_mechs.c + lib/gssapi/mech/gss_get_neg_mechs.c + lib/gssapi/mech/gss_delete_sec_context.c + lib/gssapi/mech/gss_sign.c + lib/gssapi/mech/gss_utils.c + lib/gssapi/mech/gss_init_sec_context.c + lib/gssapi/mech/gss_oid_equal.c + lib/gssapi/mech/gss_oid.c + lib/gssapi/mech/gss_oid_to_str.c + lib/gssapi/mech/gss_mo.c + lib/gssapi/mech/gss_context_time.c + lib/gssapi/mech/gss_encapsulate_token.c + lib/gssapi/mech/gss_get_mic.c + lib/gssapi/mech/gss_import_sec_context.c + lib/gssapi/mech/gss_inquire_cred.c + lib/gssapi/mech/gss_wrap.c + lib/gssapi/mech/gss_import_name.c + lib/gssapi/mech/gss_duplicate_name.c + lib/gssapi/mech/gss_unwrap.c + lib/gssapi/mech/gss_export_sec_context.c + lib/gssapi/mech/gss_export_name_composite.c + lib/gssapi/mech/gss_inquire_context.c + lib/gssapi/mech/gss_release_name.c + lib/gssapi/mech/gss_set_cred_option.c + lib/gssapi/mech/gss_pseudo_random.c + lib/gssapi/mech/gss_authorize_localname.c + lib/gssapi/mech/gss_get_name_attribute.c + lib/gssapi/mech/gssspi_exchange_meta_data.c + lib/gssapi/mech/gssspi_query_mechanism_info.c + lib/gssapi/mech/gssspi_query_meta_data.c + ../heimdal_build/gssapi-glue.c + ''' + + HEIMDAL_SUBSYSTEM('gssapi-subsystem', + HEIMDAL_GSSAPI_SPNEGO_SOURCE + + HEIMDAL_GSSAPI_KRB5_SOURCE + + HEIMDAL_GSSAPI_MECH_SOURCE, + includes='../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech ../heimdal/lib/ntlm', + deps='hcrypto asn1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_GSSAPI_ASN1 roken krb5 com_err wind heimbase', + cflags=bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS, + ) + + HEIMDAL_LIBRARY('gssapi', + '', + includes='../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech ../heimdal/lib/ntlm', + deps='gssapi-subsystem', + version_script='lib/gssapi/version-script.map', + ) + +if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): + # expand_path.c needs some of the install paths + HEIMDAL_SUBSYSTEM('HEIMDAL_CONFIG', + 'lib/krb5/expand_path.c lib/krb5/plugin.c lib/krb5/context.c', + includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include', + cflags=bld.dynconfig_cflags('LIBDIR BINDIR LIBEXECDIR SBINDIR'), + deps='hcrypto heimbase wind hx509 com_err' + ) + + HEIMDAL_SUBSYSTEM('HEIMDAL_IPC_CLIENT', + [os.path.join('lib/ipc', x) for x in TO_LIST( + '''client.c common.c''')], + includes='../heimdal/include ../heimdal/lib/asn1 ../heimdal/lib/ipc', + deps='roken heimbase') + + HEIMDAL_ERRTABLE('HEIMDAL_KRB5_ERR_ET', 'lib/krb5/krb5_err.et') + + HEIMDAL_ERRTABLE('HEIMDAL_KRB_ERR_ET', 'lib/krb5/krb_err.et') + + HEIMDAL_ERRTABLE('HEIMDAL_K524_ERR_ET', 'lib/krb5/k524_err.et') + + HEIMDAL_ERRTABLE('HEIMDAL_K5E1_ERR_ET', 'lib/krb5/k5e1_err.et') + + HEIMDAL_ERRTABLE('HEIMDAL_KX509_ERR_ET', 'lib/krb5/kx509_err.et') + + HEIMDAL_ERRTABLE('HEIMDAL_HEIM_ERR_ET', 'lib/base/heim_err.et') + + krb5_crypto_cflags = [] + if bld.CONFIG_SET('HAVE_WUSE_AFTER_FREE_1'): + krb5_crypto_cflags.append('-Werror=use-after-free=1') + + + HEIMDAL_SUBSYSTEM('KRB5_CRYPTO', + 'lib/krb5/crypto.c', + includes='../heimdal/lib/krb5 ../heimdal/include', + deps='wind hcrypto', + cflags=krb5_crypto_cflags) + + KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in TO_LIST( + '''acache.c add_et_list.c + addr_families.c appdefault.c + asn1_glue.c auth_context.c authdata.c + build_ap_req.c build_auth.c cache.c + changepw.c codec.c config_file.c + constants.c convert_creds.c + copy_host_realm.c crc.c creds.c + crypto-aes-sha1.c crypto-aes-sha2.c crypto-algs.c + crypto-arcfour.c crypto-des3.c crypto-des.c + crypto-des-common.c crypto-evp.c + crypto-null.c crypto-pk.c crypto-rand.c + data.c dcache.c db_plugin.c deprecated.c eai_to_heim_errno.c enomem.c + error_string.c expand_hostname.c + fast.c fcache.c free.c free_host_realm.c + generate_seq_number.c generate_subkey.c + get_addrs.c get_cred.c + get_default_principal.c + get_default_realm.c get_for_creds.c + get_host_realm.c get_in_tkt.c + get_port.c init_creds.c init_creds_pw.c + kcm.c keyblock.c keytab.c keytab_any.c + keytab_file.c keytab_memory.c + keytab_keyfile.c krbhst.c krcache.c log.c + mcache.c misc.c mk_error.c mk_priv.c + mk_rep.c mk_req.c mk_req_ext.c + mit_glue.c net_read.c net_write.c n-fold.c padata.c pkinit.c pkinit-ec.c + principal.c prog_setup.c pac.c + pcache.c prompter_posix.c rd_cred.c rd_error.c + rd_priv.c rd_rep.c rd_req.c replay.c + salt.c salt-aes-sha1.c salt-aes-sha2.c salt-arcfour.c salt-des3.c salt-des.c + send_to_kdc.c set_default_realm.c + store.c store-int.c store_emem.c store_fd.c + store_mem.c store_stdio.c ticket.c time.c transited.c + version.c warn.c krb5_err.c sp800-108-kdf.c + aname_to_localname.c kuserok.c kx509.c + mk_cred.c kx509_err.c + k524_err.c krb_err.c k5e1_err.c''')] + ["../heimdal_build/krb5-glue.c"] + + krb5_keyutils_dep = '' + if bld.CONFIG_SET('HAVE_KEYCTL_GET_PERSISTENT'): + krb5_keyutils_dep = ' keyutils' + + HEIMDAL_LIBRARY('krb5', KRB5_SOURCE, + version_script='lib/krb5/version-script.map', + includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include', + deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO' + krb5_keyutils_dep, + cflags=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(), + ) + KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c', 'lib/krb5/crypto.c'] + + HEIMDAL_AUTOPROTO_PRIVATE('lib/krb5/krb5-private.h', KRB5_PROTO_SOURCE) + HEIMDAL_AUTOPROTO('lib/krb5/krb5-protos.h', KRB5_PROTO_SOURCE, + options='-E KRB5_LIB -q -P comment -o') + +if not bld.CONFIG_SET("USING_SYSTEM_ASN1"): + HEIMDAL_HEIM_ASN1_SOURCE = ''' + lib/asn1/der_get.c + lib/asn1/der_put.c + lib/asn1/der_free.c + lib/asn1/der_format.c + lib/asn1/der_length.c + lib/asn1/der_copy.c + lib/asn1/der_cmp.c + lib/asn1/der_print.c + lib/asn1/extra.c + lib/asn1/timegm.c + lib/asn1/template.c + lib/asn1/oid_resolution.c + ''' + + HEIMDAL_AUTOPROTO('lib/asn1/der-protos.h', + HEIMDAL_HEIM_ASN1_SOURCE, + group='hostcc_build_source', + options="-q -P comment -o") + + + HEIMDAL_AUTOPROTO('lib/asn1/der-private.h', + HEIMDAL_HEIM_ASN1_SOURCE, + group='hostcc_build_source', + options="-q -P comment -p") + + HEIMDAL_ERRTABLE('HEIMDAL_ASN1_ERR_ET', 'lib/asn1/asn1_err.et') + + heimdal_heim_asn1_cflags = '' + if bld.CONFIG_SET('HAVE_WNO_FORMAT_TRUNCATION'): + heimdal_heim_asn1_cflags = '-Wno-format-truncation' + + HEIMDAL_SUBSYSTEM('HEIMDAL_HEIM_ASN1', + HEIMDAL_HEIM_ASN1_SOURCE + 'lib/asn1/asn1_err.c', + includes='../heimdal/lib/asn1', + cflags=heimdal_heim_asn1_cflags, + deps='''roken com_err + HEIMDAL_CMS_ASN1 + HEIMDAL_DIGEST_ASN1 + HEIMDAL_KRB5_ASN1 + HEIMDAL_KX509_ASN1 + HEIMDAL_OCSP_ASN1 + HEIMDAL_PKCS10_ASN1 + HEIMDAL_PKCS12_ASN1 + HEIMDAL_PKCS8_ASN1 + HEIMDAL_PKCS9_ASN1 + HEIMDAL_PKINIT_ASN1 + HEIMDAL_RFC2459_ASN1 + HEIMDAL_RFC4108_ASN1 + ''' + ) + + HEIMDAL_ASN1('HEIMDAL_CRMF_ASN1', + 'lib/asn1/crmf.asn1', + option_file='lib/asn1/crmf.opt', + directory='lib/asn1', + template=False + ) + + HEIMDAL_ASN1('HEIMDAL_RFC2459_ASN1', + 'lib/asn1/rfc2459.asn1', + option_file='lib/asn1/rfc2459.opt', + directory='lib/asn1' + ) + + HEIMDAL_ASN1('HEIMDAL_RFC4108_ASN1', + 'lib/asn1/rfc4108.asn1', + directory='lib/asn1' + ) + + HEIMDAL_ASN1('HEIMDAL_KRB5_ASN1', + 'lib/asn1/krb5.asn1', + option_file='lib/asn1/krb5.opt', + directory='lib/asn1' + ) + + HEIMDAL_ASN1('HEIMDAL_PKINIT_ASN1', + 'lib/asn1/pkinit.asn1', + directory='lib/asn1' + ) + + HEIMDAL_ASN1('HEIMDAL_CMS_ASN1', + 'lib/asn1/cms.asn1', + option_file='lib/asn1/cms.opt', + directory='lib/asn1' + ) + + HEIMDAL_LIBRARY('asn1', + version_script='lib/asn1/version-script.map', + deps="HEIMDAL_HEIM_ASN1 HEIMDAL_RFC2459_ASN1 HEIMDAL_KRB5_ASN1 HEIMDAL_PKINIT_ASN1 HEIMDAL_CMS_ASN1", + source='') + +if not bld.CONFIG_SET('USING_SYSTEM_HCRYPTO'): + if not bld.CONFIG_SET("USING_SYSTEM_TOMMATH"): + # As directly listed in lib/hcrypto/libtommath/makefile.shared + libtommath_o = "\ +bn_cutoffs.o bn_deprecated.o bn_mp_2expt.o bn_mp_abs.o bn_mp_add.o bn_mp_add_d.o bn_mp_addmod.o \ +bn_mp_and.o bn_mp_clamp.o bn_mp_clear.o bn_mp_clear_multi.o bn_mp_cmp.o bn_mp_cmp_d.o bn_mp_cmp_mag.o \ +bn_mp_cnt_lsb.o bn_mp_complement.o bn_mp_copy.o bn_mp_count_bits.o bn_mp_decr.o bn_mp_div.o bn_mp_div_2.o \ +bn_mp_div_2d.o bn_mp_div_3.o bn_mp_div_d.o bn_mp_dr_is_modulus.o bn_mp_dr_reduce.o bn_mp_dr_setup.o \ +bn_mp_error_to_string.o bn_mp_exch.o bn_mp_expt_u32.o bn_mp_exptmod.o bn_mp_exteuclid.o bn_mp_fread.o \ +bn_mp_from_sbin.o bn_mp_from_ubin.o bn_mp_fwrite.o bn_mp_gcd.o bn_mp_get_double.o bn_mp_get_i32.o \ +bn_mp_get_i64.o bn_mp_get_l.o bn_mp_get_ll.o bn_mp_get_mag_u32.o bn_mp_get_mag_u64.o bn_mp_get_mag_ul.o \ +bn_mp_get_mag_ull.o bn_mp_grow.o bn_mp_incr.o bn_mp_init.o bn_mp_init_copy.o bn_mp_init_i32.o \ +bn_mp_init_i64.o bn_mp_init_l.o bn_mp_init_ll.o bn_mp_init_multi.o bn_mp_init_set.o bn_mp_init_size.o \ +bn_mp_init_u32.o bn_mp_init_u64.o bn_mp_init_ul.o bn_mp_init_ull.o bn_mp_invmod.o bn_mp_is_square.o \ +bn_mp_iseven.o bn_mp_isodd.o bn_mp_kronecker.o bn_mp_lcm.o bn_mp_log_u32.o bn_mp_lshd.o bn_mp_mod.o \ +bn_mp_mod_2d.o bn_mp_mod_d.o bn_mp_montgomery_calc_normalization.o bn_mp_montgomery_reduce.o \ +bn_mp_montgomery_setup.o bn_mp_mul.o bn_mp_mul_2.o bn_mp_mul_2d.o bn_mp_mul_d.o bn_mp_mulmod.o bn_mp_neg.o \ +bn_mp_or.o bn_mp_pack.o bn_mp_pack_count.o bn_mp_prime_fermat.o bn_mp_prime_frobenius_underwood.o \ +bn_mp_prime_is_prime.o bn_mp_prime_miller_rabin.o bn_mp_prime_next_prime.o \ +bn_mp_prime_rabin_miller_trials.o bn_mp_prime_rand.o bn_mp_prime_strong_lucas_selfridge.o \ +bn_mp_radix_size.o bn_mp_radix_smap.o bn_mp_rand.o bn_mp_read_radix.o bn_mp_reduce.o bn_mp_reduce_2k.o \ +bn_mp_reduce_2k_l.o bn_mp_reduce_2k_setup.o bn_mp_reduce_2k_setup_l.o bn_mp_reduce_is_2k.o \ +bn_mp_reduce_is_2k_l.o bn_mp_reduce_setup.o bn_mp_root_u32.o bn_mp_rshd.o bn_mp_sbin_size.o bn_mp_set.o \ +bn_mp_set_double.o bn_mp_set_i32.o bn_mp_set_i64.o bn_mp_set_l.o bn_mp_set_ll.o bn_mp_set_u32.o \ +bn_mp_set_u64.o bn_mp_set_ul.o bn_mp_set_ull.o bn_mp_shrink.o bn_mp_signed_rsh.o bn_mp_sqr.o \ +bn_mp_sqrmod.o bn_mp_sqrt.o bn_mp_sqrtmod_prime.o bn_mp_sub.o bn_mp_sub_d.o bn_mp_submod.o \ +bn_mp_to_radix.o bn_mp_to_sbin.o bn_mp_to_ubin.o bn_mp_ubin_size.o bn_mp_unpack.o bn_mp_xor.o bn_mp_zero.o \ +bn_prime_tab.o bn_s_mp_add.o bn_s_mp_balance_mul.o bn_s_mp_exptmod.o bn_s_mp_exptmod_fast.o \ +bn_s_mp_get_bit.o bn_s_mp_invmod_fast.o bn_s_mp_invmod_slow.o bn_s_mp_karatsuba_mul.o \ +bn_s_mp_karatsuba_sqr.o bn_s_mp_montgomery_reduce_fast.o bn_s_mp_mul_digs.o bn_s_mp_mul_digs_fast.o \ +bn_s_mp_mul_high_digs.o bn_s_mp_mul_high_digs_fast.o bn_s_mp_prime_is_divisible.o \ +bn_s_mp_rand_jenkins.o bn_s_mp_rand_platform.o bn_s_mp_reverse.o bn_s_mp_sqr.o bn_s_mp_sqr_fast.o \ +bn_s_mp_sub.o bn_s_mp_toom_mul.o bn_s_mp_toom_sqr.o" + + full_path_libtommath_c = \ + [os.path.join('lib/hcrypto/libtommath', + x.split(".o")[0] + ".c") + for x in TO_LIST(libtommath_o)] + + HEIMDAL_SUBSYSTEM('tommath', + full_path_libtommath_c, + includes='../heimdal/lib/hcrypto/libtommath' + ) + + HEIMDAL_LIBRARY('hcrypto', + 'lib/hcrypto/aes.c lib/hcrypto/bn.c lib/hcrypto/dh.c lib/hcrypto/dh-ltm.c lib/hcrypto/des.c lib/hcrypto/dsa.c lib/hcrypto/engine.c lib/hcrypto/md4.c lib/hcrypto/md5.c lib/hcrypto/rsa.c lib/hcrypto/rsa-ltm.c lib/hcrypto/rc2.c lib/hcrypto/rc4.c lib/hcrypto/rijndael-alg-fst.c lib/hcrypto/rnd_keys.c lib/hcrypto/sha.c lib/hcrypto/sha256.c lib/hcrypto/sha512.c lib/hcrypto/ui.c lib/hcrypto/evp.c lib/hcrypto/evp-hcrypto.c lib/hcrypto/pkcs5.c lib/hcrypto/pkcs12.c lib/hcrypto/rand.c lib/hcrypto/rand-unix.c lib/hcrypto/rand-fortuna.c lib/hcrypto/rand-timer.c lib/hcrypto/hmac.c lib/hcrypto/camellia.c lib/hcrypto/camellia-ntt.c lib/hcrypto/common.c lib/hcrypto/validate.c', + includes='../heimdal/lib/hcrypto ../heimdal/lib ../heimdal/include', + deps='roken asn1 tommath replace', + version_script='lib/hcrypto/version-script.map', + ) + +if not bld.CONFIG_SET('USING_SYSTEM_HEIMBASE'): + HEIMBASE_SOURCE_COMMON = ''' + lib/base/array.c + lib/base/bool.c + lib/base/bsearch.c + lib/base/data.c + lib/base/db.c + lib/base/dict.c + lib/base/error.c + lib/base/heimbase.c + lib/base/string.c + lib/base/number.c + lib/base/null.c + lib/base/json.c + lib/base/heim_err.c + ''' + HEIMBASE_SOURCE = HEIMBASE_SOURCE_COMMON + ''' + lib/base/config_file.c + lib/base/context.c + lib/base/error_string.c + lib/base/expand_path.c + lib/base/log.c + lib/base/plugin.c + lib/base/warn.c + ''' + HEIMDAL_AUTOPROTO('lib/base/heimbase-protos.h', + HEIMBASE_SOURCE, + group='hostcc_build_source') + HEIMDAL_LIBRARY('heimbase', + HEIMBASE_SOURCE, + includes='../heimdal/lib/base ../heimdal/include ../heimdal/lib/krb5', + deps='roken replace com_err', + cflags=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(), + version_script='lib/base/version-script.map', + ) + + HEIMBASE_HOSTCC_SOURCE = HEIMBASE_SOURCE_COMMON + ''' + lib/com_err/com_err.c + lib/com_err/error.c + ''' + HEIMDAL_SUBSYSTEM('HEIMBASE_HOSTCC', + HEIMBASE_HOSTCC_SOURCE, + use_hostcc=True, + use_global_deps=False, + includes='../heimdal/lib/base ../heimdal/lib/com_err ../heimdal/include ../heimdal/lib/krb5', + group='hostcc_build_main', + deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC', + ) + +if not bld.CONFIG_SET("USING_SYSTEM_HX509"): + HEIMDAL_ASN1('HEIMDAL_OCSP_ASN1', + 'lib/asn1/ocsp.asn1', + options='--preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData', + includes='../heimdal/lib/asn1', + directory='lib/hx509' + ) + + HEIMDAL_ASN1('HEIMDAL_PKCS8_ASN1', + 'lib/asn1/pkcs8.asn1', + directory='lib/asn1' + ) + + + HEIMDAL_ASN1('HEIMDAL_PKCS9_ASN1', + 'lib/asn1/pkcs9.asn1', + directory='lib/asn1' + ) + + + HEIMDAL_ASN1('HEIMDAL_PKCS12_ASN1', + 'lib/asn1/pkcs12.asn1', + directory='lib/asn1' + ) + + HEIMDAL_ASN1('HEIMDAL_PKCS10_ASN1', + 'lib/asn1/pkcs10.asn1', + options='--preserve-binary=CertificationRequestInfo', + includes='../heimdal/lib/asn1', + directory='lib/hx509' + ) + + HEIMDAL_ERRTABLE('HEIMDAL_HX509_ERR_ET', + 'lib/hx509/hx509_err.et') + + HEIMDAL_HX509_OBJH_SOURCE = ''' + lib/hx509/ca.c + lib/hx509/cert.c + lib/hx509/cms.c + lib/hx509/collector.c + lib/hx509/crypto.c + lib/hx509/crypto-ec.c + lib/hx509/error.c + lib/hx509/env.c + lib/hx509/file.c + lib/hx509/keyset.c + lib/hx509/ks_dir.c + lib/hx509/ks_file.c + lib/hx509/ks_keychain.c + lib/hx509/ks_mem.c + lib/hx509/ks_null.c + lib/hx509/ks_p11.c + lib/hx509/ks_p12.c + lib/hx509/lock.c + lib/hx509/name.c + lib/hx509/peer.c + lib/hx509/print.c + lib/hx509/req.c + lib/hx509/revoke.c + lib/hx509/sel.c + lib/hx509/hx509_err.c + ''' + + HEIMDAL_AUTOPROTO('lib/hx509/hx509-protos.h', + HEIMDAL_HX509_OBJH_SOURCE, + options="-R '^(_|^C)' -E HX509_LIB -q -P comment -o") + + HEIMDAL_AUTOPROTO('lib/hx509/hx509-private.h', + HEIMDAL_HX509_OBJH_SOURCE, + options="-q -P comment -p") + + HEIMDAL_LIBRARY('hx509', + HEIMDAL_HX509_OBJH_SOURCE + ' lib/hx509/sel-lex.l lib/hx509/sel-gram.y', + includes='../heimdal/lib/hx509', + deps='roken com_err asn1 hcrypto asn1 HEIMDAL_OCSP_ASN1 HEIMDAL_PKCS8_ASN1 HEIMDAL_PKCS9_ASN1 HEIMDAL_PKCS12_ASN1 HEIMDAL_PKCS10_ASN1 wind heimbase', + cflags=bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS, + version_script='lib/hx509/version-script.map', + ) + +if not bld.CONFIG_SET('USING_SYSTEM_WIND'): + HEIMDAL_ERRTABLE('WIND_ERR_ET', + 'lib/wind/wind_err.et') + + HEIMDAL_GENERATOR( + name="HEIMDAL_ERRORLIST", + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'", + source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt ../heimdal/lib/wind/stringprep.py', + target = '../heimdal/lib/wind/errorlist_table.c ../heimdal/lib/wind/errorlist_table.h' + ) + + + HEIMDAL_GENERATOR( + name = 'HEIMDAL_NORMALIZE_TABLE', + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[2].abspath()}' '${SRC[1].parent.abspath(env)}'", + source = '../heimdal/lib/wind/gen-normalize.py ../heimdal/lib/wind/UnicodeData.txt ../heimdal/lib/wind/CompositionExclusions-3.2.0.txt', + target = '../heimdal/lib/wind/normalize_table.h ../heimdal/lib/wind/normalize_table.c' + ) + + HEIMDAL_GENERATOR( + name = 'HEIMDAL_COMBINING_TABLE', + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'", + source = '../heimdal/lib/wind/gen-combining.py ../heimdal/lib/wind/UnicodeData.txt', + target = '../heimdal/lib/wind/combining_table.h ../heimdal/lib/wind/combining_table.c' + ) + + HEIMDAL_GENERATOR( + name = 'HEIMDAL_BIDI_TABLE', + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'", + source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt', + target = '../heimdal/lib/wind/bidi_table.h ../heimdal/lib/wind/bidi_table.c' + ) + + + HEIMDAL_GENERATOR( + name = 'HEIMDAL_MAP_TABLE', + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[2].abspath()}' '${SRC[2].parent.abspath(env)}'", + source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt', + target = '../heimdal/lib/wind/map_table.h ../heimdal/lib/wind/map_table.c' + ) + + HEIMDAL_LIBRARY('wind', + 'lib/wind/wind_err.c lib/wind/stringprep.c lib/wind/errorlist.c lib/wind/errorlist_table.c lib/wind/normalize.c lib/wind/normalize_table.c lib/wind/combining.c lib/wind/combining_table.c lib/wind/utf8.c lib/wind/bidi.c lib/wind/bidi_table.c lib/wind/ldap.c lib/wind/map.c lib/wind/map_table.c', + includes='../heimdal/lib/wind', + deps='roken com_err', + version_script='lib/wind/version-script.map', + ) + +if not bld.CONFIG_SET('USING_SYSTEM_COM_ERR'): + HEIMDAL_LIBRARY('com_err', + 'lib/com_err/com_err.c lib/com_err/error.c', + includes='../heimdal/lib/com_err', + deps='roken samba_intl', + version_script='lib/com_err/version-script.map', + ) + +HEIMDAL_SUBSYSTEM('HEIMDAL_VERS_HOSTCC', + 'lib/vers/print_version.c ../heimdal_build/version.c', + group='hostcc_base_build_main', + deps='LIBREPLACE_HOSTCC ROKEN_HOSTCC', + use_global_deps=False, + use_hostcc=True) + +HEIMDAL_SUBSYSTEM('HEIMDAL_VERS', + 'lib/vers/print_version.c ../heimdal_build/version.c', + deps='roken replace') + + +if not bld.CONFIG_SET('USING_SYSTEM_ASN1_COMPILE'): + HEIMDAL_SUBSYSTEM('HEIMDAL_ASN1_GEN_HOSTCC', + 'lib/asn1/gen.c', + includes='../heimdal/lib/asn1', + group='hostcc_build_main', + cflags=bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS, + deps='ROKEN_HOSTCC HEIMBASE_HOSTCC', + use_global_deps=False, + use_hostcc=True) + + # here is the asn1 compiler build rule + HEIMDAL_BINARY('asn1_compile', + 'lib/asn1/gen_copy.c lib/asn1/gen_print.c ' + 'lib/asn1/gen_decode.c lib/asn1/gen_encode.c lib/asn1/gen_free.c ' + 'lib/asn1/gen_glue.c lib/asn1/gen_length.c lib/asn1/gen_seq.c ' + 'lib/asn1/gen_template.c lib/asn1/hash.c lib/asn1/symbol.c ' + 'lib/asn1/asn1parse.y lib/asn1/lex.l lib/asn1/main.c', + use_hostcc=True, + use_global_deps=False, + includes='../heimdal/lib/asn1', + group='hostcc_build_main', + deps='ROKEN_HOSTCC HEIMBASE_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC ' + 'HEIMDAL_ASN1_GEN_HOSTCC', + install=False + ) + bld.env['ASN1_COMPILE'] = os.path.join(bld.bldnode.parent.abspath(), 'asn1_compile') + + +if not bld.CONFIG_SET('USING_SYSTEM_COMPILE_ET'): + HEIMDAL_BINARY('compile_et', + 'lib/com_err/parse.y lib/com_err/lex.l lib/com_err/compile_et.c', + use_hostcc=True, + use_global_deps=False, + includes='../heimdal/lib/com_err', + group='hostcc_base_build_main', + deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC', + install=False + ) + bld.env['COMPILE_ET'] = os.path.join(bld.bldnode.parent.abspath(), 'compile_et') + +if bld.CONFIG_SET('USING_EMBEDDED_HEIMDAL'): + HEIMDAL_BINARY('samba4kinit', + 'kuser/kinit.c', + deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto gssapi gss_preauth', + install=False + ) + + HEIMDAL_BINARY('samba4kgetcred', + 'kuser/kgetcred.c', + deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto asn1 gssapi gss_preauth', + install=False + ) + + HEIMDAL_BINARY('samba4kpasswd', + 'kpasswd/kpasswd.c', + deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto', + install=False + ) + +# Alias subsystem to allow common kerberos code that will +# otherwise link against MIT's gssapi_krb5 and k5crypto +# +# Note: that we also need this if we use system heimdal libraries +HEIMDAL_SUBSYSTEM('gssapi_krb5', '', deps='gssapi') +HEIMDAL_SUBSYSTEM('k5crypto', '', deps='krb5') diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure new file mode 100644 index 0000000..db3995b --- /dev/null +++ b/third_party/heimdal_build/wscript_configure @@ -0,0 +1,220 @@ +#!/usr/bin/env python +# Waf build script for Samba 4's bundled Heimdal. + +# Unless explicitly requested by the user (e.g. +# "./configure --bundled-libraries=!asn1_compile") this will always use the +# bundled Heimdal, even if a system heimdal was found. The reason +# for this is that our checks for the system heimdal are not accurate +# enough yet to know if it is usable (some bug fix might be missing, +# compile_et might not generate the expected code, etc). + +from waflib import Logs + +conf.CHECK_TYPE('u_char', 'uint8_t') +conf.CHECK_TYPE('u_int32_t', 'uint32_t') + +conf.CHECK_HEADERS('err.h') + +conf.CHECK_HEADERS('ifaddrs.h') +conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h + sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h + sys/utsname.h time.h timezone.h ttyname.h netinet/in.h + netinet/in6.h netinet6/in6.h''') + +conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True) + +conf.CHECK_FUNCS('''atexit cgetent getprogname setprogname gethostname + putenv rcmd readv secure_getenv + sendmsg setitimer strlwr strncasecmp mkostemp + strptime strsep strsep_copy strtok_r strupr swab umask uname unsetenv + closefrom err warn errx warnx flock writev''') + +conf.CHECK_FUNCS_IN('hstrerror', 'resolv socket nsl', checklibc=True) +conf.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent gethostent_r + sethostent endhostent getipnodebyaddr freehostent gethostbyname + gethostbyname_r gethostbyaddr''', + 'socket nsl', + checklibc=True) + +conf.CHECK_FUNCS('iruserok') + +conf.CHECK_FUNCS('bswap16') +conf.CHECK_FUNCS('bswap32') + +conf.CHECK_TYPE('struct winsize', define='HAVE_STRUCT_WINSIZE', headers='sys/termios.h sys/ioctl.h') +conf.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_xpixel', + define='HAVE_WS_XPIXEL', headers='sys/termios.h sys/ioctl.h') +conf.CHECK_STRUCTURE_MEMBER('struct winsize', 'ws_ypixel', + define='HAVE_WS_YPIXEL', headers='sys/termios.h sys/ioctl.h') +conf.DEFINE('HAVE_KRB_STRUCT_WINSIZE', 1) +conf.DEFINE('VOID_RETSIGTYPE', 1) + +conf.CHECK_VARIABLE('h_errno', headers='netdb.h') + +# strangely enough, we need it with another define too +conf.CHECK_DECLS('h_errno', headers='netdb.h') + +conf.CHECK_FUNCS_IN('res_search res_nsearch res_ndestroy dns_search dn_expand', 'resolv', + checklibc=True, headers='netinet/in.h arpa/nameser.h resolv.h dns.h') +conf.CHECK_VARIABLE('_res', headers='netinet/in.h arpa/nameser.h resolv.h') +conf.CHECK_DECLS('_res', headers='netinet/in.h arpa/nameser.h resolv.h') + +conf.DEFINE('HAVE_KRB5',1) + +conf.CHECK_FUNCS('dirfd', headers='dirent.h') +conf.CHECK_DECLS('dirfd', reverse=True, headers='dirent.h') +conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='dirent.h') + +if conf.env['WITH_KERNEL_KEYRING'] is not False: + require_keyutils = False + if conf.env['WITH_KERNEL_KEYRING'] is True: + require_keyutils = True + conf.CHECK_FUNCS_IN('add_key keyctl_get_persistent', + 'keyutils', headers='keyutils.h', + mandatory=require_keyutils) + conf.CHECK_SIZEOF('key_serial_t', headers='keyutils.h', + critical=require_keyutils) + +heimdal_no_error_flags = ['-Wno-error=cast-qual', + '-Wno-error=discarded-qualifiers', + '-Wno-error=old-style-definition', + '-Wno-error=unused-result', + '-Wno-error=unused-variable' +] +for flag in heimdal_no_error_flags: + conf.ADD_NAMED_CFLAGS('HEIMDAL_NO_ERROR_CFLAGS', + flag, + testflags=True) + +conf.ADD_NAMED_CFLAGS('HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS', + '-Wno-strict-overflow', + testflags=True) + +conf.ADD_NAMED_CFLAGS('HEIMDAL_UNPICKY_WNO_FREE_NOHEAP_OBJECT_CFLAGS', + '-Wno-error=free-nonheap-object', + testflags=True) + +if len(bld.env.HEIMDAL_NO_ERROR_CFLAGS) == len(heimdal_no_error_flags): + Logs.info("Most warnings in Heimdal code will " + "error due to -Werror (good)") +else: + conf.env.allow_heimdal_warnings = True + # Needed on CentOS 7 and Ubuntu 16.04 only for Bison generated + # files when we are not doing strict warnings -> errors + conf.ADD_NAMED_CFLAGS('HEIMDAL_UNPICKY_WNO_MAYBE_UNINITIALIZED_CFLAGS', + '-Wno-error=maybe-uninitialized', + testflags=True) + Logs.info("Allowing warnings in Heimdal code as this compiler does " + "not support enough -Wno-error flags (bad)") + +conf.DEFINE('SAMBA4_USES_HEIMDAL', 1) + +# setup the right defines for a in-tree heimdal build +Logs.info("Using in-tree heimdal kerberos defines") +conf.define('HAVE_GSSAPI_GSSAPI_H', 1) +conf.define('HAVE_GSSAPI_GSSAPI_KRB5_H', 1) +conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1) +conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1) +conf.define('HAVE_KRB5_SET_REAL_TIME', 1) +conf.define('HAVE_COM_ERR_H', 1) +conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1) +conf.define('HAVE_GSS_DISPLAY_STATUS', 1) +conf.define('HAVE_GSS_WRAP_IOV', 1) +conf.define('HAVE_GSS_KRB5_IMPORT_CRED', 1) +conf.define('HAVE_GSS_OID_EQUAL', 1) +conf.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1) +conf.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1) +conf.define('HAVE_GSSKRB5_GET_SUBKEY', 1) +conf.define('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1) +conf.define('HAVE_GSS_IMPORT_CRED', 1) +conf.define('HAVE_GSS_EXPORT_CRED', 1) +conf.define('HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X', 1) +conf.define('HAVE_GSSAPI', 1) +conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1) +conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1) +conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0) +conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0) +conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1) +conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1) +conf.define('HAVE_KRB5_ADDRESSES', 1) +conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1) +conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1) +conf.define('HAVE_KRB5_CC_COPY_CACHE', 1) +conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1) +conf.define('HAVE_KRB5_CRYPTO', 1) +conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1) +conf.define('HAVE_KRB5_CRYPTO_INIT', 1) +conf.define('HAVE_KRB5_C_VERIFY_CHECKSUM', 1) +conf.define('HAVE_KRB5_ENCTYPE_TO_STRING', 1) +conf.define('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1) +conf.define('HAVE_KRB5_FREE_ERROR_CONTENTS', 1) +conf.define('HAVE_KRB5_FREE_UNPARSED_NAME', 1) +conf.define('HAVE_KRB5_FREE_HOST_REALM', 1) +conf.define('HAVE_KRB5_FWD_TGT_CREDS', 1) +conf.define('HAVE_KRB5_GET_CREDS', 1) +conf.define('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1) +conf.define('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1) +conf.define('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1) +conf.define('HAVE_KRB5_GET_HOST_REALM', 1) +conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1) +conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1) +conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1) +conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1) +conf.define('HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK', 1) +conf.define('HAVE_KRB5_GET_PW_SALT', 1) +conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1) +conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1) +conf.define('HAVE_KRB5_KEYBLOCK_INIT', 1) +conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1) +conf.define('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1) +conf.define('HAVE_KRB5_KRBHST_INIT', 1) +conf.define('HAVE_KRB5_KT_COMPARE', 1) +conf.define('HAVE_KRB5_KT_FREE_ENTRY', 1) +conf.define('HAVE_KRB5_KU_OTHER_CKSUM', 1) +conf.define('HAVE_KRB5_LOCATE_PLUGIN_H', 1) +conf.define('HAVE_KRB5_MK_REQ_EXTENDED', 1) +conf.define('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1) +conf.define('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1) +conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1) +conf.define('HAVE_KRB5_MAKE_PRINCIPAL', 1) +conf.define('HAVE_KRB5_REALM_TYPE', 1) +conf.define('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1) +conf.define('HAVE_KRB5_SET_REAL_TIME', 1) +conf.define('HAVE_KRB5_STRING_TO_KEY', 1) +conf.define('HAVE_KRB5_STRING_TO_KEY_SALT', 1) +conf.define('HAVE_FREE_CHECKSUM', 1) +conf.define('HAVE_LIBKRB5', 1) +conf.define('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1) +conf.define('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1) +conf.define('KRB5_PRINC_REALM_RETURNS_REALM', 1) +conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1) +conf.define('HAVE_KRB5_H', 1) +conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1) +conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1) +conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56', 1) +conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1) +conf.define('HAVE_KRB5_PDU_NONE_DECL', 1) +conf.define('HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96', 1) +conf.define('HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96', 1) +conf.define('HAVE_KRB5_PRINCIPAL_GET_NUM_COMP', 1) +conf.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1) +conf.define('HAVE_FLAGS_IN_KRB5_CREDS', 1) +conf.define('HAVE_KRB5_CONFIG_GET_BOOL_DEFAULT', 1) +conf.define('HAVE_KRB5_DATA_COPY', 1) +conf.define('HAVE_KRB5_PRINCIPAL_SET_REALM', 1) +conf.define('HAVE_KRB5_PRINCIPAL_SET_TYPE', 1) +conf.define('HAVE_KRB5_PRINCIPAL_GET_TYPE', 1) +conf.define('HAVE_KRB5_WARNX', 1) +conf.define('HAVE_KRB5_PROMPT_TYPE', 1) + +if conf.CONFIG_SET('USING_EMBEDDED_HEIMDAL'): + conf.define('HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT', 1) + conf.define('HAVE_KRB5_CONST_PAC', 1) + conf.define('KRB5_CONST_PAC_GET_BUFFER', 1) + conf.define('HAVE_KRB5_PAC_IS_TRUSTED', 1) + conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE', 1) + conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS', 1) +else: + pass # TODO + +conf.CHECK_SIGN('time_t') -- cgit v1.2.3