Hi Dmitry,
Thanks. Alexandre pointed out that we do not need to load libkrb5 dynamically because libgssapi_krb5 depends on libkrb5. So if libkrb5 is missing the SSP wouldn't be usable anyway.
diff --git a/configure.ac b/configure.ac index 58737162a8..82faa4b943 100644 --- a/configure.ac +++ b/configure.ac @@ -422,6 +422,7 @@ AC_CHECK_HEADERS(\ ieeefp.h \ inet/mib2.h \ io.h \
- krb5/krb5.h \ kstat.h \ libproc.h \ link.h \
@@ -1625,6 +1626,14 @@ fi WINE_NOTICE_WITH(gsm,[test "x$ac_cv_lib_soname_gsm" = "x"], [libgsm ${notice_platform}development files not found, gsm 06.10 codec won't be supported.])
+dnl **** Check for krb5 **** +if test "$ac_cv_header_krb5_krb5_h" = "yes" +then
- WINE_CHECK_SONAME(krb5,krb5_init_context)
+fi +WINE_NOTICE_WITH(krb5,[test "x$ac_cv_lib_soname_krb5" = "x"],
[libkrb5 ${notice_platform}development files not found, krb5 won't be supported.])
There is pkgconfig support for krb5. I guess we want to use it.
You need to guard the code that uses krb5 functions with an ifdef or it will fail to compile if the headers are missing.
Hans Leidekker hans@codeweavers.com writes:
Hi Dmitry,
Thanks. Alexandre pointed out that we do not need to load libkrb5 dynamically because libgssapi_krb5 depends on libkrb5. So if libkrb5 is missing the SSP wouldn't be usable anyway.
diff --git a/configure.ac b/configure.ac index 58737162a8..82faa4b943 100644 --- a/configure.ac +++ b/configure.ac @@ -422,6 +422,7 @@ AC_CHECK_HEADERS(\ ieeefp.h \ inet/mib2.h \ io.h \
- krb5/krb5.h \ kstat.h \ libproc.h \ link.h \
@@ -1625,6 +1626,14 @@ fi WINE_NOTICE_WITH(gsm,[test "x$ac_cv_lib_soname_gsm" = "x"], [libgsm ${notice_platform}development files not found, gsm 06.10 codec won't be supported.])
+dnl **** Check for krb5 **** +if test "$ac_cv_header_krb5_krb5_h" = "yes" +then
- WINE_CHECK_SONAME(krb5,krb5_init_context)
+fi +WINE_NOTICE_WITH(krb5,[test "x$ac_cv_lib_soname_krb5" = "x"],
[libkrb5 ${notice_platform}development files not found, krb5 won't be supported.])There is pkgconfig support for krb5. I guess we want to use it.
You need to guard the code that uses krb5 functions with an ifdef or it will fail to compile if the headers are missing.
Actually, if you link directly to it, you can simply not build the dll at all and avoid ifdefs. If it helps, I can take care of the configure changes.
Alexandre Julliard julliard@winehq.org wrote:
Actually, if you link directly to it, you can simply not build the dll at all and avoid ifdefs. If it helps, I can take care of the configure changes.
That would be great. Thanks.
Hi,
It's great to see kerberos support moving forward.
On 10/17/17 1:07 PM, Hans Leidekker wrote:
Thanks. Alexandre pointed out that we do not need to load libkrb5 dynamically because libgssapi_krb5 depends on libkrb5. So if libkrb5 is missing the SSP wouldn't be usable anyway.
I do not think that a not functioning stub (when dependencies are missing) is useless. I added the stub because it was needed (and enough) for Office 2013 installer. The installer needs to register authentication info for its RPC server successfully. As long as no actual authentication is done (and installer also registers NTLM info, which is used in practice), a stub is enough.
That said, if EnumerateSecurityPackagesW will not return kerberos without libkrb5 available, libkrb5 will become a hard dependency of Office 2013 installer (and Office 2016 I guess, but I didn't verify that). It might be okay, but please take that into account in considerations.
Thanks, Jacek
On Tue, 2017-10-17 at 14:57 +0200, Jacek Caban wrote:
On 10/17/17 1:07 PM, Hans Leidekker wrote:
Thanks. Alexandre pointed out that we do not need to load libkrb5 dynamically because libgssapi_krb5 depends on libkrb5. So if libkrb5 is missing the SSP wouldn't be usable anyway.
I do not think that a not functioning stub (when dependencies are missing) is useless. I added the stub because it was needed (and enough) for Office 2013 installer. The installer needs to register authentication info for its RPC server successfully. As long as no actual authentication is done (and installer also registers NTLM info, which is used in practice), a stub is enough.
That said, if EnumerateSecurityPackagesW will not return kerberos without libkrb5 available, libkrb5 will become a hard dependency of Office 2013 installer (and Office 2016 I guess, but I didn't verify that). It might be okay, but please take that into account in considerations.
Right, this is why I left the stubs in when building without Kerberos support. We could keep the stub provider in secur32 as a fallback, or build kerberos.dll in all cases but with stubs if support is missing.
Hans Leidekker hans@codeweavers.com writes:
On Tue, 2017-10-17 at 14:57 +0200, Jacek Caban wrote:
On 10/17/17 1:07 PM, Hans Leidekker wrote:
Thanks. Alexandre pointed out that we do not need to load libkrb5 dynamically because libgssapi_krb5 depends on libkrb5. So if libkrb5 is missing the SSP wouldn't be usable anyway.
I do not think that a not functioning stub (when dependencies are missing) is useless. I added the stub because it was needed (and enough) for Office 2013 installer. The installer needs to register authentication info for its RPC server successfully. As long as no actual authentication is done (and installer also registers NTLM info, which is used in practice), a stub is enough.
That said, if EnumerateSecurityPackagesW will not return kerberos without libkrb5 available, libkrb5 will become a hard dependency of Office 2013 installer (and Office 2016 I guess, but I didn't verify that). It might be okay, but please take that into account in considerations.
Right, this is why I left the stubs in when building without Kerberos support. We could keep the stub provider in secur32 as a fallback, or build kerberos.dll in all cases but with stubs if support is missing.
If we have a kerberos.dll, I think it makes more sense to handle the stubs there too.
-
Alexandre Julliard -
Dmitry Timoshkov -
Hans Leidekker -
Jacek Caban