LU-4085 build: gss/krb5 is disabled despite functions found

The function available check for krb5int_derive_key and
krb5_derive_key by means of AC_CHECK_LIB($gssapi_lib,...)
does not set shell variables HAVE_KRB5_DERIVE_KEY,
HAVE_KRB5INT_DERIVE_KEY so the test
AS_IF([test "x$HAVE_KRB5INT_DERIVE_KEY" = "x1"
-o "x$HAVE_KRB5_DERIVE_KEY" = "x1"] gives false despite
the functions are found. As a side effect this fix
revealed that calls with real prototypes are required.
Thus prototypes of krb5_derive_key(...) and
krb5int_derive_key(...) are provided, and required
structures from krb5-int.h are copied.

Signed-off-by: Thomas Stibor <thomas@stibor.net>
Change-Id: I8c4cce5f861c9e4d01071024c4b852a2274c1b40
Reviewed-on: http://review.whamcloud.com/7913
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Bob Glossman <bob.glossman@intel.com>
Reviewed-by: Nathaniel Clark <nathaniel.l.clark@intel.com>

diff --git a/lustre/autoconf/kerberos5.m4 b/lustre/autoconf/kerberos5.m4
index 80fa4b3..1a712a1 100644 (file)
--- a/lustre/autoconf/kerberos5.m4
+++ b/lustre/autoconf/kerberos5.m4
@@ -65,7 +65,7 @@ AC_DEFUN([AC_KERBEROS_V5],[
     fi
   done
   dnl We didn't find a usable Kerberos environment
-  if test "x$require_krb5" = "xyes" && "x$KRBDIR" = "x"; then
+  if test "x$require_krb5" = "xyes" -a "x$KRBDIR" = "x"; then
     if test "x$krb5_with" = "x"; then
       AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
     else
@@ -103,11 +103,11 @@ AC_DEFUN([AC_KERBEROS_V5],[
 
   dnl Check for krb5int_derive_key
   AC_CHECK_LIB($gssapi_lib, krb5int_derive_key,
-    AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available]), ,$KRBLIBS)
+    [HAVE_KRB5INT_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available])], ,$KRBLIBS)
 
   dnl Check for krb5_derive_key
   AC_CHECK_LIB($gssapi_lib, krb5_derive_key,
-    AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available]), ,$KRBLIBS)
+    [HAVE_KRB5_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available])], ,$KRBLIBS)
 
   AS_IF([test "x$HAVE_KRB5INT_DERIVE_KEY" = "x1" -o "x$HAVE_KRB5_DERIVE_KEY" = "x1"],
         [AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])],

diff --git a/lustre/utils/gss/context.h b/lustre/utils/gss/context.h
index 369cfea..69df2d8 100644 (file)
--- a/lustre/utils/gss/context.h
+++ b/lustre/utils/gss/context.h
@@ -31,6 +31,8 @@
 #ifndef _CONTEXT_H_
 #define _CONTEXT_H_
 
+#include <krb5.h>
+
 /* Hopefully big enough to hold any serialized context */
 #define MAX_CTX_LEN 4096
 
@@ -40,10 +42,27 @@
 #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY   0x00000004
 
 #if HAVE_KRB5INT_DERIVE_KEY
-extern int krb5int_derive_key();
-extern int krb5_k_create_key();
+/* Taken from crypto_int.h */
+enum deriv_alg {
+       DERIVE_RFC3961,         /* RFC 3961 section 5.1 */
+#ifdef CAMELLIA
+       DERIVE_SP800_108_CMAC,  /* NIST SP 800-108 with CMAC as PRF */
+#endif
+};
+
+extern krb5_error_code krb5int_derive_key(const void *enc,
+                                         krb5_key inkey, krb5_key *outkey,
+                                         const krb5_data *in_constant,
+                                         enum deriv_alg alg);
+extern krb5_error_code krb5_k_create_key(krb5_context context,
+                                        const krb5_keyblock *key_data,
+                                        krb5_key *out);
 #else /* !HAVE_KRB5INT_DERIVE_KEY */
-extern int krb5_derive_key();
+
+extern krb5_error_code krb5_derive_key(const void *enc,
+                                      const krb5_keyblock *inkey,
+                                      krb5_keyblock *outkey,
+                                      const krb5_data *in_constant);
 #endif
 
 int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf,

diff --git a/lustre/utils/gss/context_lucid.c b/lustre/utils/gss/context_lucid.c
index f64f49b..7eba6b6 100644 (file)
--- a/lustre/utils/gss/context_lucid.c
+++ b/lustre/utils/gss/context_lucid.c
@@ -208,15 +208,6 @@ extern void krb5int_enc_arcfour;
 extern void krb5int_enc_des3;
 extern void krb5int_enc_aes128;
 extern void krb5int_enc_aes256;
-#if HAVE_KRB5INT_DERIVE_KEY
-/* Taken from crypto_int.h */
-enum deriv_alg {
-       DERIVE_RFC3961,         /* RFC 3961 section 5.1 */
-#ifdef CAMELLIA
-       DERIVE_SP800_108_CMAC,  /* NIST SP 800-108 with CMAC as PRF */
-#endif
-};
-#endif  /* HAVE_KRB5INT_DERIVE_KEY */
 
 static void
 key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)