The Samba-Bugzilla – Attachment 15617 Details for
Bug 14179
Build with heimdal system library broke with waf update in Samba 4.10
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for 4.10
bug-14179-patches-for-4.10 (text/plain), 18.99 KB, created by
Christof Schmitt
on 2019-11-13 21:30:08 UTC
(
hide
)
Description:
Patches for 4.10
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2019-11-13 21:30:08 UTC
Size:
18.99 KB
patch
obsolete
>From 4cec18b9129391b938d4584175f68798aa0410a4 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 24 Jan 2019 02:31:10 +0100 >Subject: [PATCH 1/6] wscript: separate embedded_heimdal from system_heimdal > >This allows to default (embedded_heimdal) to build even with a >broken krb5-config file from Heimdal. > >In the system_heimdal case we parse the content of krb5-config >instead of just executing it. This fails on FreeBSD 12 as >krb5-config contains iso-8859-1 characters, which can't be parsed >as unicode python buffers when using python3. > >Fixing the system_heimdal case is a task for another day, >I guess it will only work once we imported a current heimdal version >and actually tested the system_heimdal case. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 8061983d4882f3ba3f12da71443b035d7b672eec) >--- > source4/heimdal_build/wscript_configure | 94 ----------------------- > wscript | 11 +-- > wscript_configure_embedded_heimdal | 1 + > wscript_configure_system_heimdal | 99 +++++++++++++++++++++++++ > 4 files changed, 104 insertions(+), 101 deletions(-) > create mode 100644 wscript_configure_embedded_heimdal > create mode 100644 wscript_configure_system_heimdal > >diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure >index 4d4e6a0cff9..903fb5139db 100644 >--- a/source4/heimdal_build/wscript_configure >+++ b/source4/heimdal_build/wscript_configure >@@ -164,97 +164,3 @@ conf.define('HAVE_KRB5_PRINCIPAL_GET_TYPE', 1) > conf.define('HAVE_KRB5_WARNX', 1) > conf.define('HAVE_KRB5_PROMPT_TYPE', 1) > >-heimdal_includedirs = [] >-heimdal_libdirs = [] >-krb5_config = conf.find_program("krb5-config.heimdal", var="HEIMDAL_KRB5_CONFIG") >-if not krb5_config: >- krb5_config = conf.find_program("krb5-config", var="HEIMDAL_KRB5_CONFIG") >-if krb5_config: >- # Not ideal, but seems like the best way to get at these paths: >- f = open(krb5_config[0], 'r') >- try: >- for l in f: >- if l.startswith("libdir="): >- heimdal_libdirs.append(l.strip()[len("libdir="):]) >- elif l.startswith("includedir="): >- include_path = l.strip()[len("includedir="):] >- heimdal_includedirs.append(include_path) >- conf.define('HEIMDAL_KRB5_TYPES_PATH', >- include_path + "/krb5-types.h") >- finally: >- f.close() >- >-def check_system_heimdal_lib(name, functions='', headers='', onlyif=None): >- # Only use system library if the user requested the bundled one not be >- # used. >- if conf.LIB_MAY_BE_BUNDLED(name): >- return False >- setattr(conf.env, "CPPPATH_%s" % name.upper(), heimdal_includedirs) >- setattr(conf.env, "LIBPATH_%s" % name.upper(), heimdal_libdirs) >- if not conf.CHECK_BUNDLED_SYSTEM(name, checkfunctions=functions, headers=headers, >- onlyif=onlyif): >- return False >- conf.define('USING_SYSTEM_%s' % name.upper(), 1) >- return True >- >-def check_system_heimdal_binary(name): >- if conf.LIB_MAY_BE_BUNDLED(name): >- return False >- if not conf.find_program(name, var=name.upper()): >- return False >- conf.define('USING_SYSTEM_%s' % name.upper(), 1) >- return True >- >-check_system_heimdal_lib("com_err", "com_right_r com_err", "com_err.h") >- >-if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"): >- conf.env.CPPPATH_ROKEN_HOSTCC = conf.env.CPPPATH_ROKEN >- conf.env.LIBPATH_ROKEN_HOSTCC = conf.env.LIBPATH_ROKEN >- conf.env.LIB_ROKEN_HOSTCC = "roken" >- conf.SET_TARGET_TYPE("ROKEN_HOSTCC", 'SYSLIB') >- >-# Make sure HAVE_CONFIG_H is unset, as the system Heimdal headers use it >-# and include config.h if it is set, resulting in failure (since config.h >-# doesn't yet exist) >- >-DEFINES = list(conf.env.DEFINES) >-conf.undefine("HAVE_CONFIG_H") >-while "HAVE_CONFIG_H=1" in conf.env.DEFINES: >- conf.env.DEFINES.remove("HAVE_CONFIG_H=1") >-try: >- check_system_heimdal_lib("wind", "wind_stringprep", "wind.h", onlyif="roken") >- check_system_heimdal_lib("hx509", "hx509_bitstring_print", "hx509.h", onlyif="roken wind") >- check_system_heimdal_lib("asn1", "initialize_asn1_error_table", "asn1_err.h", onlyif="roken com_err") >- check_system_heimdal_lib("heimbase", "heim_cmp", "heimbase.h", onlyif="roken") >- check_system_heimdal_lib("hcrypto", "MD4_Init", "hcrypto/md4.h", >- onlyif="asn1 roken com_err") >- if check_system_heimdal_lib("krb5", "krb5_anyaddr", "krb5.h", >- onlyif="roken wind asn1 hx509 hcrypto com_err heimbase"): >- conf.CHECK_FUNCS_IN('krb5_free_unparsed_name', 'krb5', headers="krb5.h") >- check_system_heimdal_lib("gssapi", "gss_oid_to_name", "gssapi.h", >- onlyif="hcrypto asn1 roken krb5 com_err wind") >- check_system_heimdal_lib("heimntlm", "heim_ntlm_ntlmv2_key", "heimntlm.h", >- onlyif="roken hcrypto krb5") >- if check_system_heimdal_lib("hdb", "hdb_db_dir", "krb5.h hdb.h", >- onlyif="roken krb5 hcrypto com_err wind"): >- conf.CHECK_CODE(''' >- #include <hdb.h> >- int main(void) { hdb_enctype2key(NULL, NULL, NULL, 0, NULL); } >- ''', >- define='HDB_ENCTYPE2KEY_TAKES_KEYSET', >- addmain=False, >- lib='hdb', >- msg='Checking whether hdb_enctype2key takes a keyset argument', >- local_include=False) >- >- check_system_heimdal_lib("kdc", "kdc_log", "kdc.h", >- onlyif="roken krb5 hdb asn1 heimntlm hcrypto com_err wind heimbase") >-finally: >- conf.env.DEFINES = DEFINES >- >-# With the proper checks in place we should be able to build against the system libtommath. >-#if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'): >-# conf.define('USING_SYSTEM_TOMMATH', 1) >- >-check_system_heimdal_binary("compile_et") >-check_system_heimdal_binary("asn1_compile") >diff --git a/wscript b/wscript >index e38a8e9aecf..4a5fc421baa 100644 >--- a/wscript >+++ b/wscript >@@ -246,14 +246,11 @@ def configure(conf): > 'hx509', 'wind', 'gssapi', 'hcrypto', > 'krb5', 'heimbase', 'asn1_compile', > 'compile_et', 'kdc', 'hdb', 'heimntlm') >+ conf.PROCESS_SEPARATE_RULE('system_heimdal') >+ >+ if not conf.CONFIG_GET('KRB5_VENDOR'): >+ conf.PROCESS_SEPARATE_RULE('embedded_heimdal') > >- # Only process heimdal_build for non-MIT KRB5 builds >- # When MIT KRB5 checks are done as above, conf.env.KRB5_VENDOR will be set >- # to the lowcased output of 'krb5-config --vendor'. >- # If it is not set or the output is 'heimdal', we are dealing with >- # system-provided or embedded Heimdal build >- if conf.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'): >- conf.RECURSE('source4/heimdal_build') > conf.RECURSE('source4/lib/tls') > conf.RECURSE('source4/dsdb/samdb/ldb_modules') > conf.RECURSE('source4/ntvfs/sysdep') >diff --git a/wscript_configure_embedded_heimdal b/wscript_configure_embedded_heimdal >new file mode 100644 >index 00000000000..8c55ae2a938 >--- /dev/null >+++ b/wscript_configure_embedded_heimdal >@@ -0,0 +1 @@ >+conf.RECURSE('source4/heimdal_build') >diff --git a/wscript_configure_system_heimdal b/wscript_configure_system_heimdal >new file mode 100644 >index 00000000000..0ff6dad2f55 >--- /dev/null >+++ b/wscript_configure_system_heimdal >@@ -0,0 +1,99 @@ >+import sys >+from waflib import Logs >+ >+conf.RECURSE('source4/heimdal_build') >+ >+heimdal_includedirs = [] >+heimdal_libdirs = [] >+krb5_config = conf.find_program("krb5-config.heimdal", var="HEIMDAL_KRB5_CONFIG") >+if not krb5_config: >+ krb5_config = conf.find_program("krb5-config", var="HEIMDAL_KRB5_CONFIG") >+if krb5_config: >+ # Not ideal, but seems like the best way to get at these paths: >+ f = open(krb5_config[0], 'r') >+ try: >+ for l in f: >+ if l.startswith("libdir="): >+ heimdal_libdirs.append(l.strip()[len("libdir="):]) >+ elif l.startswith("includedir="): >+ include_path = l.strip()[len("includedir="):] >+ heimdal_includedirs.append(include_path) >+ conf.define('HEIMDAL_KRB5_TYPES_PATH', >+ include_path + "/krb5-types.h") >+ finally: >+ f.close() >+ >+def check_system_heimdal_lib(name, functions='', headers='', onlyif=None): >+ # Only use system library if the user requested the bundled one not be >+ # used. >+ if conf.LIB_MAY_BE_BUNDLED(name): >+ return False >+ setattr(conf.env, "CPPPATH_%s" % name.upper(), heimdal_includedirs) >+ setattr(conf.env, "LIBPATH_%s" % name.upper(), heimdal_libdirs) >+ if not conf.CHECK_BUNDLED_SYSTEM(name, checkfunctions=functions, headers=headers, >+ onlyif=onlyif): >+ return False >+ conf.define('USING_SYSTEM_%s' % name.upper(), 1) >+ return True >+ >+def check_system_heimdal_binary(name): >+ if conf.LIB_MAY_BE_BUNDLED(name): >+ return False >+ if not conf.find_program(name, var=name.upper()): >+ return False >+ conf.define('USING_SYSTEM_%s' % name.upper(), 1) >+ return True >+ >+check_system_heimdal_lib("com_err", "com_right_r com_err", "com_err.h") >+ >+if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"): >+ conf.env.CPPPATH_ROKEN_HOSTCC = conf.env.CPPPATH_ROKEN >+ conf.env.LIBPATH_ROKEN_HOSTCC = conf.env.LIBPATH_ROKEN >+ conf.env.LIB_ROKEN_HOSTCC = "roken" >+ conf.SET_TARGET_TYPE("ROKEN_HOSTCC", 'SYSLIB') >+ >+# Make sure HAVE_CONFIG_H is unset, as the system Heimdal headers use it >+# and include config.h if it is set, resulting in failure (since config.h >+# doesn't yet exist) >+ >+DEFINES = list(conf.env.DEFINES) >+conf.undefine("HAVE_CONFIG_H") >+while "HAVE_CONFIG_H=1" in conf.env.DEFINES: >+ conf.env.DEFINES.remove("HAVE_CONFIG_H=1") >+try: >+ check_system_heimdal_lib("wind", "wind_stringprep", "wind.h", onlyif="roken") >+ check_system_heimdal_lib("hx509", "hx509_bitstring_print", "hx509.h", onlyif="roken wind") >+ check_system_heimdal_lib("asn1", "initialize_asn1_error_table", "asn1_err.h", onlyif="roken com_err") >+ check_system_heimdal_lib("heimbase", "heim_cmp", "heimbase.h", onlyif="roken") >+ check_system_heimdal_lib("hcrypto", "MD4_Init", "hcrypto/md4.h", >+ onlyif="asn1 roken com_err") >+ if check_system_heimdal_lib("krb5", "krb5_anyaddr", "krb5.h", >+ onlyif="roken wind asn1 hx509 hcrypto com_err heimbase"): >+ conf.CHECK_FUNCS_IN('krb5_free_unparsed_name', 'krb5', headers="krb5.h") >+ check_system_heimdal_lib("gssapi", "gss_oid_to_name", "gssapi.h", >+ onlyif="hcrypto asn1 roken krb5 com_err wind") >+ check_system_heimdal_lib("heimntlm", "heim_ntlm_ntlmv2_key", "heimntlm.h", >+ onlyif="roken hcrypto krb5") >+ if check_system_heimdal_lib("hdb", "hdb_db_dir", "krb5.h hdb.h", >+ onlyif="roken krb5 hcrypto com_err wind"): >+ conf.CHECK_CODE(''' >+ #include <hdb.h> >+ int main(void) { hdb_enctype2key(NULL, NULL, NULL, 0, NULL); } >+ ''', >+ define='HDB_ENCTYPE2KEY_TAKES_KEYSET', >+ addmain=False, >+ lib='hdb', >+ msg='Checking whether hdb_enctype2key takes a keyset argument', >+ local_include=False) >+ >+ check_system_heimdal_lib("kdc", "kdc_log", "kdc.h", >+ onlyif="roken krb5 hdb asn1 heimntlm hcrypto com_err wind heimbase") >+finally: >+ conf.env.DEFINES = DEFINES >+ >+# With the proper checks in place we should be able to build against the system libtommath. >+#if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'): >+# conf.define('USING_SYSTEM_TOMMATH', 1) >+ >+check_system_heimdal_binary("compile_et") >+check_system_heimdal_binary("asn1_compile") >-- >2.17.0 > > >From ad44a0e91606b6f5520eee303386e14592fb6fcf Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Wed, 30 Oct 2019 13:15:48 -0700 >Subject: [PATCH 2/6] wscript: Fix build with system heimdal > >Ubuntu has heimdal include files in /usr/include/heimdal. As the >kerberos include files are pulled into many files through indirect >includes, add the discovered include paths to EXTRA_INCLUDES to >always have them available. > >Also set USING_SYSTEM_KRB5 when enabling the system heimdal build, >to correctly handle the inclusion of the krb5-types.h file. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit be2d90b60d19eca408b60fe4e1b49f9b418f1b97) >--- > wscript_configure_system_heimdal | 3 +++ > 1 file changed, 3 insertions(+) > >diff --git a/wscript_configure_system_heimdal b/wscript_configure_system_heimdal >index 0ff6dad2f55..235fa1912b7 100644 >--- a/wscript_configure_system_heimdal >+++ b/wscript_configure_system_heimdal >@@ -18,6 +18,7 @@ if krb5_config: > elif l.startswith("includedir="): > include_path = l.strip()[len("includedir="):] > heimdal_includedirs.append(include_path) >+ conf.ADD_EXTRA_INCLUDES(include_path) > conf.define('HEIMDAL_KRB5_TYPES_PATH', > include_path + "/krb5-types.h") > finally: >@@ -97,3 +98,5 @@ finally: > > check_system_heimdal_binary("compile_et") > check_system_heimdal_binary("asn1_compile") >+ >+conf.define('USING_SYSTEM_KRB5', 1) >-- >2.17.0 > > >From 8d4c6c502c9213080ef2058ed27e59e37295009b Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@samba.org> >Date: Sat, 9 Nov 2019 15:36:32 +0000 >Subject: [PATCH 3/6] selftest: system-heimdal: workaround upstream "host" > canon bug > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 15ddd95d94688ed742a2965c4b269d7c84e2d858) >--- > selftest/target/Samba.pm | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index 3fe53f94a2c..3b47a9f9589 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -240,6 +240,7 @@ sub mk_krb5_conf($$) > $ctx->{dnsname}, > $ctx->{domain}, > $ctx->{kdc_ipv4}); >+ my $lc_domain = lc($ctx->{domain}); > print KRB5CONF " > #Generated krb5.conf for $ctx->{realm} > >@@ -254,6 +255,12 @@ sub mk_krb5_conf($$) > # This is especially required by samba3.raw.session krb5 and > # reauth tests > clockskew = 5 >+ >+ name_canon_rules=as-is:realm=$ctx->{realm} >+ name_canon_rules=as-is:realm=$ctx->{dnsname} >+ name_canon_rules=as-is:realm=$ctx->{domain} >+ name_canon_rules=as-is:realm=$lc_domain >+ > # We are running on the same machine, do not correct > # system clock differences > kdc_timesync = 0 >-- >2.17.0 > > >From 5b9d0e3ae4563bd04ab82882ec0fc5f851a657d7 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Nov 2019 13:08:28 -0700 >Subject: [PATCH 4/6] krb5_plugin: Use C99 initializer > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 1aef796e302058ad3327613964fa89abaf940c1c) >--- > nsswitch/krb5_plugin/winbind_krb5_locator.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/nsswitch/krb5_plugin/winbind_krb5_locator.c b/nsswitch/krb5_plugin/winbind_krb5_locator.c >index 518c871b248..a31c0822370 100644 >--- a/nsswitch/krb5_plugin/winbind_krb5_locator.c >+++ b/nsswitch/krb5_plugin/winbind_krb5_locator.c >@@ -409,10 +409,10 @@ static krb5_error_code smb_krb5_locator_lookup(void *private_data, > #endif > > const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = { >- 0, /* version */ >- smb_krb5_locator_init, >- smb_krb5_locator_close, >- smb_krb5_locator_lookup, >+ .minor_version = 0, >+ .init = smb_krb5_locator_init, >+ .fini = smb_krb5_locator_close, >+ .lookup = smb_krb5_locator_lookup, > }; > > #endif >-- >2.17.0 > > >From 777ea8033b0a3393d54999bd85546b7787167ff6 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Mon, 11 Nov 2019 13:37:25 -0700 >Subject: [PATCH 5/6] krb5_plugin: Fix developer build with newer heimdal > system library > >Newer heimdal versions provide a different locator plugin interface. The >function pointer for the old method has been renamed. Use an ifdef to >initialize the correct pointer. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 85d23236200dbe013c09a4f23d982ef1baac240d) >--- > nsswitch/krb5_plugin/winbind_krb5_locator.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/nsswitch/krb5_plugin/winbind_krb5_locator.c b/nsswitch/krb5_plugin/winbind_krb5_locator.c >index a31c0822370..d08cdf72a59 100644 >--- a/nsswitch/krb5_plugin/winbind_krb5_locator.c >+++ b/nsswitch/krb5_plugin/winbind_krb5_locator.c >@@ -412,7 +412,11 @@ const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = { > .minor_version = 0, > .init = smb_krb5_locator_init, > .fini = smb_krb5_locator_close, >+#ifdef KRB5_PLUGIN_LOCATE_VERSION_2 >+ .old_lookup = smb_krb5_locator_lookup, >+#else > .lookup = smb_krb5_locator_lookup, >+#endif > }; > > #endif >-- >2.17.0 > > >From c47ceb5f7d4b5fdd7125001fb82709095f87c6cd Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Wed, 30 Oct 2019 13:45:55 -0700 >Subject: [PATCH 6/6] autobuild: Add test for build with system heimdal library > >The configure option --with-system-heimdalkrb5 requires --without-ad-dc. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 7965a204d68196acddf553959bb3407125baf31d) >--- > script/autobuild.py | 11 +++++++++++ > 1 file changed, 11 insertions(+) > >diff --git a/script/autobuild.py b/script/autobuild.py >index 67c18a1aa35..5f55f7a9093 100755 >--- a/script/autobuild.py >+++ b/script/autobuild.py >@@ -40,6 +40,7 @@ builddirs = { > "samba-nt4": ".", > "samba-nt4-py2": ".", > "samba-fileserver": ".", >+ "samba-ktest-heimdal": ".", > "samba-xc": ".", > "samba-o3": ".", > "samba-ctdb": ".", >@@ -144,6 +145,16 @@ tasks = { > "--include-env=fileserver'", "text/plain"), > ("check-clean-tree", "script/clean-source-tree.sh", "text/plain")], > >+ "samba-ktest-heimdal": [ >+ ("random-sleep", "script/random-sleep.sh 60 600", "text/plain"), >+ ("configure", "./configure.developer --without-ad-dc --with-system-heimdalkrb5 --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"), >+ ("make", "make -j", "text/plain"), >+ ("test", "make test FAIL_IMMEDIATELY=1 " >+ "TESTS='${PY3_ONLY}" >+ "--include-env=ktest'", "text/plain"), >+ ("check-clean-tree", "script/clean-source-tree.sh", "text/plain"), >+ ], >+ > # We split out this so the isolated ad_dc tests do not wait for ad_dc_ntvfs tests (which are long) > "samba-ad-dc": [("random-sleep", "script/random-sleep.sh 60 600", "text/plain"), > ("configure", "./configure.developer --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"), >-- >2.17.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14179
:
15617
|
15618
|
15619