From 8a5e793a0576250da80371e53aa3e7eba15cdb63 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 16 Jul 2014 21:43:30 +0200 Subject: Add conditional build for MIT Kerberos localauth plugin This patch adds everything what is needed to build the MIT Kerberos localauth plugin if the used version of MIT Kerberos supports it. It does not implement the plugin. Reviewed-by: Jakub Hrozek --- Makefile.am | 19 +++++++++++++++++++ contrib/sssd.spec.in | 12 ++++++++++++ src/external/krb5.m4 | 15 +++++++++++++++ src/krb5_plugin/sssd_krb5_localauth_plugin.c | 28 ++++++++++++++++++++++++++++ src/tests/dlopen-tests.c | 4 ++++ 5 files changed, 78 insertions(+) create mode 100644 src/krb5_plugin/sssd_krb5_localauth_plugin.c diff --git a/Makefile.am b/Makefile.am index 4c3dc35d2..64c017ea0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -35,6 +35,9 @@ ldblibdir = @ldblibdir@ if BUILD_KRB5_LOCATOR_PLUGIN krb5plugindir = @krb5pluginpath@ endif +if BUILD_KRB5_LOCALAUTH_PLUGIN +krb5localauth_plugindir = @appmodpath@ +endif if BUILD_PAC_RESPONDER krb5authdata_plugindir = @krb5authdatapluginpath@ endif @@ -250,6 +253,11 @@ krb5plugin_LTLIBRARIES = \ sssd_krb5_locator_plugin.la endif +if BUILD_KRB5_LOCALAUTH_PLUGIN +krb5localauth_plugin_LTLIBRARIES = \ + sssd_krb5_localauth_plugin.la +endif + if BUILD_PAC_RESPONDER krb5authdata_plugin_LTLIBRARIES = \ sssd_pac_plugin.la @@ -2475,6 +2483,17 @@ sssd_krb5_locator_plugin_la_LDFLAGS = \ -module endif +if BUILD_KRB5_LOCALAUTH_PLUGIN +sssd_krb5_localauth_plugin_la_SOURCES = \ + src/krb5_plugin/sssd_krb5_localauth_plugin.c +sssd_krb5_localauth_plugin_la_CFLAGS = \ + $(AM_CFLAGS) \ + $(KRB5_CFLAGS) +sssd_krb5_localauth_plugin_la_LDFLAGS = \ + -avoid-version \ + -module +endif + sssd_pac_plugin_la_SOURCES = \ src/sss_client/sssd_pac.c \ src/sss_client/common.c \ diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 770a0c7d6..a566a5550 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -5,6 +5,7 @@ %global is_rhel5 %(%{__grep} -c "release 5" /etc/redhat-release) %global rhel5_minor %(%{__grep} -o "5.[0-9]*" /etc/redhat-release |%{__sed} -s 's/5.//') +%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//') %if 0%{?is_rhel5} > 0 # we don't want to provide private python extension libs @@ -48,6 +49,10 @@ %global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin %endif +%if (0%{?fedora} >= 21 || (0%{?rhel} == 7 && 0%{?rhel7_minor} >= 1)) + %global with_krb5_localauth_plugin 1 +%endif + Name: @PACKAGE_NAME@ Version: @PACKAGE_VERSION@ Release: 0@PRERELEASE_VERSION@%{?dist} @@ -113,7 +118,11 @@ BuildRequires: pcre-devel BuildRequires: libxslt BuildRequires: libxml2 BuildRequires: docbook-style-xsl +%if (0%{?with_krb5_localauth_plugin} == 1) +BuildRequires: krb5-devel >= 1.12 +%else BuildRequires: krb5-devel +%endif BuildRequires: c-ares-devel BuildRequires: python-devel BuildRequires: check-devel @@ -746,6 +755,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/cifs-utils/cifs_idmap_sss.so %ghost %{_sysconfdir}/cifs-utils/idmap-plugin %endif +%if (0%{?with_krb5_localauth_plugin} == 1) +%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so +%endif %{_mandir}/man8/pam_sss.8* %{_mandir}/man8/sssd_krb5_locator_plugin.8* diff --git a/src/external/krb5.m4 b/src/external/krb5.m4 index 861c8c9fd..90b4a2583 100644 --- a/src/external/krb5.m4 +++ b/src/external/krb5.m4 @@ -96,5 +96,20 @@ AM_CONDITIONAL([BUILD_KRB5_LOCATOR_PLUGIN], AM_COND_IF([BUILD_KRB5_LOCATOR_PLUGIN], [AC_DEFINE_UNQUOTED(HAVE_KRB5_LOCATOR_PLUGIN, 1, [Build with krb5 locator plugin])]) +AC_CHECK_HEADER([krb5/localauth_plugin.h], + [have_localauth_plugin=yes], + [have_localauth_plugin=no] + [AC_MSG_NOTICE([Kerberos localauth plugin cannot be built])], + [ #ifdef HAVE_KRB5_KRB5_H + #include + #else + #include + #endif + ]) +AM_CONDITIONAL([BUILD_KRB5_LOCALAUTH_PLUGIN], + [test x$have_localauth_plugin = xyes]) +AM_COND_IF([BUILD_KRB5_LOCALAUTH_PLUGIN], + [AC_DEFINE_UNQUOTED(HAVE_KRB5_LOCALAUTH_PLUGIN, 1, [Build with krb5 localauth plugin])]) + CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS diff --git a/src/krb5_plugin/sssd_krb5_localauth_plugin.c b/src/krb5_plugin/sssd_krb5_localauth_plugin.c new file mode 100644 index 000000000..93fbbc295 --- /dev/null +++ b/src/krb5_plugin/sssd_krb5_localauth_plugin.c @@ -0,0 +1,28 @@ +/* + Authors: + Sumit Bose + + Copyright (C) 2014 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include + +krb5_error_code +localauth_sssd_initvt(krb5_context context, int maj_ver, int min_ver, + krb5_plugin_vtable vtable) +{ + return KRB5_PLUGIN_VER_NOTSUPP; +} diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c index 52d9c02e1..5eb1ed685 100644 --- a/src/tests/dlopen-tests.c +++ b/src/tests/dlopen-tests.c @@ -57,6 +57,10 @@ struct so { { "sssd_krb5_locator_plugin.so", { LIBPFX"sssd_krb5_locator_plugin.so", NULL } }, #endif +#ifdef HAVE_KRB5_LOCALAUTH_PLUGIN + { "sssd_krb5_localauth_plugin.so", { LIBPFX"sssd_krb5_localauth_plugin.so", + NULL } }, +#endif #ifdef HAVE_PAC_RESPONDER { "sssd_pac_plugin.so", { LIBPFX"sssd_pac_plugin.so", NULL } }, #endif -- cgit