Bug 863 - Faulty autoconf check for "memory keytab support"
Faulty autoconf check for "memory keytab support"
Status: RESOLVED DUPLICATE of bug 912
Product: Samba 3.0
Classification: Unclassified
Component: Build environment
3.0.0preX
Other Linux
: P3 normal
: none
Assigned To: Jeremy Allison
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-07 15:40 UTC by Greg Schafer
Modified: 2005-02-07 07:57 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Schafer 2003-12-07 15:40:35 UTC
I'm testing 3.0.1rc1 on i686-pc-linux-gnu building against krb5-1.3.1.

While investigating some local build issues, I noticed that this autoconf test
appears to be wrong:

"checking for memory keytab support... no"

AFAICT, my kerberos installation should support in-memory keytabs.

Looking at the autoconf macro in configure.in I see this:

----------
  AC_CACHE_CHECK([for memory keytab support],
                 samba_cv_HAVE_MEMORY_KEYTAB,[
    AC_TRY_RUN([
#include<krb5.h>
  main()
  { 
    krb5_context context;
    krb5_keytab keytab;
    
    krb5_init_context(&context);
    if (krb5_kt_resolve(context, "MEMORY:", &keytab))
      exit(0);
    exit(1);
  }], 
  samba_cv_HAVE_MEMORY_KEYTAB=no,
  samba_cv_HAVE_MEMORY_KEYTAB=yes)])
----------

The general format for this autoconf macro is:

AC_TRY_RUN (PROGRAM, [ACTION-IF-TRUE], [ACTION-IF-FALSE]

Therefore it would seem the setup of this macro is incorrect. It should be:

  samba_cv_HAVE_MEMORY_KEYTAB=yes,
  samba_cv_HAVE_MEMORY_KEYTAB=no

PS - If I'm right, this will expose another bug in the autoconfigury which was
supposed to have been addressed in bug 636. I'm still getting:

checking for key in krb5_keytab_entry... no
checking for keyblock in krb5_keytab_entry... no

Thanks
Comment 1 Jeremy Allison 2003-12-11 12:55:19 UTC
Suggested fix is correct. Applied - thanks a *lot*!
Jeremy.
Comment 2 Alexander E. Patrakov 2003-12-17 06:21:15 UTC
The fix is incorrect. In fact, it breaks key functionality: it is impossible 
to log in to a member SAMBA server from Windows 2003 domain controller. 
Explanation: 
 
krb5_kt_resolve returns 0 on success and the error code otherwise. If it 
returns 0, that is treated as "false" by the "if" statement, and the test 
program returns 1 (false), and the old variant of the test will then define 
HAVE_MEMORY_KEYTAB. That's what we want. 
 
I admit that the test is written in a very unreadable and even confusing way. 
 
Also I suggest making a new release immediately, because the key functionality 
is broken. 
 
Comment 3 Alexander E. Patrakov 2003-12-17 06:23:58 UTC
Forgot to say that I use MIT Kerberos 1.3.1 (no memory keytab support) 
Comment 4 Gerald (Jerry) Carter 2004-01-02 07:13:28 UTC
not fixed apparently.
Comment 5 Gerald (Jerry) Carter 2004-01-02 07:23:31 UTC

*** This bug has been marked as a duplicate of 912 ***
Comment 6 Gerald (Jerry) Carter 2005-02-07 07:57:20 UTC
originally reported against 3.0aph24.  Bugzilla spring cleaning.  
Removing old alpha versions.