CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2018-11-06 13:32:05 +1300
committer: Karolin Seeger <kseeger@samba.org> 2018-11-28 08:22:24 +0100
commit: 07c49d25cdca605bd84294603713d51f913a7ed2 (patch)
tree: 8dfd3a09e8bdf3273b3bb5ea17d95716c90d3895 /wscript
parent: 9a12a001466b21cfb27cb77ee01b11d84bcb36b4 (diff)
download: samba-07c49d25cdca605bd84294603713d51f913a7ed2.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/wscript b/wscript
index c5d8e5bdd7d..c06a2e38a87 100644
--- a/wscript
+++ b/wscript
@@ -55,6 +55,14 @@ def options(opt):
                    help='build Samba with system MIT Kerberos. ' +
                         'You may specify list of paths where Kerberos is installed (e.g. /usr/local /usr/kerberos) to search krb5-config',
                    action='callback', callback=system_mitkrb5_callback, dest='with_system_mitkrb5', default=False)
+
+    opt.add_option('--with-experimental-mit-ad-dc',
+                   help='Enable the experimental MIT Kerberos-backed AD DC.  ' +
+                   'Note that security patches are not issued for this configuration',
+                   action='store_true',
+                   dest='with_experimental_mit_ad_dc',
+                   default=False)
+
     opt.add_option('--with-system-mitkdc',
                    help=('Specify the path to the krb5kdc binary from MIT Kerberos'),
                    type="string",
@@ -214,7 +222,16 @@ def configure(conf):
         conf.DEFINE('AD_DC_BUILD_IS_ENABLED', 1)
 
     if Options.options.with_system_mitkrb5:
+        if not Options.options.with_experimental_mit_ad_dc and \
+           not Options.options.without_ad_dc:
+            raise Errors.WafError('The MIT Kerberos build of Samba as an AD DC ' +
+                                  'is experimental. Therefore '
+                                  '--with-system-mitkrb5 requires either ' +
+                                  '--with-experimental-mit-ad-dc or ' +
+                                  '--without-ad-dc')
+
         conf.PROCESS_SEPARATE_RULE('system_mitkrb5')
+
     if not (Options.options.without_ad_dc or Options.options.with_system_mitkrb5):
         conf.DEFINE('AD_DC_BUILD_IS_ENABLED', 1)
author	Andrew Bartlett <abartlet@samba.org>	2018-11-06 13:32:05 +1300
committer	Karolin Seeger <kseeger@samba.org>	2018-11-28 08:22:24 +0100
commit	07c49d25cdca605bd84294603713d51f913a7ed2 (patch)
tree	8dfd3a09e8bdf3273b3bb5ea17d95716c90d3895 /wscript
parent	9a12a001466b21cfb27cb77ee01b11d84bcb36b4 (diff)
download	samba-07c49d25cdca605bd84294603713d51f913a7ed2.tar.gz