diff options
| author | nectar <nectar@FreeBSD.org> | 2002-09-16 21:04:40 +0000 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2002-09-16 21:04:40 +0000 |
| commit | a876cfedd88823d520688032e9bde83b68098a88 (patch) | |
| tree | dcd3a0c4ed207dd29fc2afc7e76bb2592c51d93a | |
| parent | fece93f6bd7aed95bbd6edfb87765c3fcdbfedd5 (diff) | |
| parent | 8707f886593c300d83c76654e92ec76bcea9b858 (diff) | |
| download | FreeBSD-src-a876cfedd88823d520688032e9bde83b68098a88.zip FreeBSD-src-a876cfedd88823d520688032e9bde83b68098a88.tar.gz | |
This commit was generated by cvs2svn to compensate for changes in r103423,
which included commits to RCS files with non-trunk default branches.
101 files changed, 6985 insertions, 3883 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog index ecccf1d..700a53e 100644 --- a/crypto/heimdal/ChangeLog +++ b/crypto/heimdal/ChangeLog @@ -1,3 +1,171 @@ +2002-09-16 Jacques Vidrine <nectar@kth.se> + + * lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn + to convert the newline to NUL in fgets results. + +2002-09-13 Johan Danielsson <joda@pdc.kth.se> + + * kuser/kinit.1: remove unneeded Ns + + * lib/krb5/krb5_appdefault.3: remove extra "application" + + * fix-export: remove autom4ate.cache + +2002-09-10 Johan Danielsson <joda@pdc.kth.se> + + * include/make_crypto.c: don't use function macros if possible + + * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX + + * include/Makefile.am: use make_crypto to create crypto-headers.h + + * include/make_crypto.c: crypto header generation tool + + * configure.in: move crypto test to just after testing for krb4, + and move roken tests to after both, this speeds up various failure + cases with krb4 + + * lib/krb5/config_file.c: don't use NULL when we mean 0 + + * configure.in: we don't set package_libdir anymore, so no point + in testing for it + + * tools/Makefile.am: subst INCLUDE_des + + * tools/krb5-config.in: add INCLUDE_des to cflags + + * configure.in: use AC_CONFIG_SRCDIR + + * fix-export: remove some unneeded stuff + + * kuser/kinit.c (do_524init): free principals + +2002-09-09 Jacques Vidrine <nectar@kth.se> + + * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding), + kdc/kaserver.c (krb5_ret_xdr_data), + lib/krb5/transited.c (krb5_domain_x500_decode): Validate some + counts: Check that they are non-negative, and that they are small + enough to avoid integer overflow when used in memory allocation + calculations. Potential problem areas pointed out by + Sebastian Krahmer <krahmer@suse.de>. + + * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when + creating a new keyfile. + +2002-09-09 Johan Danielsson <joda@pdc.kth.se> + + * configure.in: don't try to build pam module + +2002-09-05 Johan Danielsson <joda@pdc.kth.se> + + * appl/kf/kf.c: fix warning string + + * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we + know we need it + +2002-09-04 Assar Westerlund <assar@kth.se> + + * kdc/kerberos5.c (encode_reply): correct error logging + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/sendauth.c: close ccache if we opened it + + * appl/kf/kf.c: handle new protocol + + * appl/kf/kfd.c: use krb5_err instead of sysloging directly, + handle the new protocol, and bail out if an old client tries to + connect + + * appl/kf/kf_locl.h: we need a protocol version string + + * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE + + * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE + + * kdc/hprop.c: set AP_OPTS_USE_SUBKEY + + * lib/hdb/common.c: use ASN1_MALLOC_ENCODE + + * lib/asn1/gen.c: add convenience macro that allocates a buffer + and encoded into that + + * lib/krb5/get_cred.c (init_tgs_req): use + in_creds->session.keytype literally instead of trying to convert + to a list of enctypes (it should already be an enctype) + + * lib/krb5/get_cred.c (init_tgs_req): init ret + +2002-09-03 Johan Danielsson <joda@pdc.kth.se> + + * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC + + * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC + + * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use + zero ivec in DES3_CBC_encrypt if passed ivec is NULL + + * lib/krb5/Makefile.am: back out 1.144, since it will re-create + krb5-protos.h at build-time, which requires perl, which is bad + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't + blindly use the local subkey + + * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that + extracts the required blocksize from a crypto context + + * lib/krb5/build_auth.c: just get the length of the encoded + authenticator instead of trying to grow a buffer + +2002-09-03 Assar Westerlund <assar@kth.se> + + * configure.in: add --disable-mmap option, and tests for + sys/mman.h and mmap + +2002-09-03 Jacques Vidrine <nectar@kth.se> + + * lib/krb5/changepw.c: verify lengths in response + + * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for + truncated integers + +2002-09-02 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/mk_req_ext.c: generate a local subkey if + AP_OPTS_USE_SUBKEY is set + + * lib/krb5/build_auth.c: we don't have enough information about + whether to generate a local subkey here, so don't try to + + * lib/krb5/auth_context.c: new function + krb5_auth_con_generatelocalsubkey + + * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an + initial ticket + + * lib/krb5/context.c (init_context_from_config_file): simplify + initialisation of srv_lookup + + * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY + + * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY + +2002-08-30 Assar Westerlund <assar@kth.se> + + * lib/krb5/name-45-test.c: also test krb5_524_conv_principal + * lib/krb5/Makefile.am (TESTS): add name-45-test + * lib/krb5/name-45-test.c: add testcases for + krb5_425_conv_principal + +2002-08-29 Assar Westerlund <assar@kth.se> + + * lib/krb5/parse-name-test.c: also test unparse_short functions + * lib/asn1/asn1_print.c: use com_err/error_message API + * lib/krb5/Makefile.am: add parse-name-test + * lib/krb5/parse-name-test.c: add a program for testing parsing + and unparsing principal names + 2002-08-28 Assar Westerlund <assar@kth.se> * kdc/config.c: add missing ifdef DAEMON diff --git a/crypto/heimdal/aclocal.m4 b/crypto/heimdal/aclocal.m4 index 006cbff..8b7a282 100644 --- a/crypto/heimdal/aclocal.m4 +++ b/crypto/heimdal/aclocal.m4 @@ -4555,7 +4555,426 @@ AC_SUBST(WFLAGS_NOUNUSED)dnl AC_SUBST(WFLAGS_NOIMPLICITINT)dnl ]) -dnl $Id: db.m4,v 1.8 2002/05/17 15:32:21 joda Exp $ +dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $ +dnl +dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs, +dnl default locations, conditional, config-program) + +AC_DEFUN(rk_TEST_PACKAGE,[ +AC_ARG_WITH($1, + AC_HELP_STRING([--with-$1=dir],[use $1 in dir])) +AC_ARG_WITH($1-lib, + AC_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) +AC_ARG_WITH($1-include, + AC_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) +AC_ARG_WITH($1-config, + AC_HELP_STRING([--with-$1-config=path],[config program for $1])) + +m4_ifval([$6], + m4_define([rk_pkgname], $6), + m4_define([rk_pkgname], AS_TR_CPP($1))) + +AC_MSG_CHECKING(for $1) + +case "$with_$1" in +yes|"") d='$5' ;; +no) d= ;; +*) d="$with_$1" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_$1_include" = ""; then + if test -d "$i/include/$1"; then + header_dirs="$header_dirs $i/include/$1" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_$1_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_$1_include"; then + header_dirs="$with_$1_include $header_dirs" +fi +if test "$with_$1_lib"; then + lib_dirs="$with_$1_lib $lib_dirs" +fi + +if test "$with_$1_config" = ""; then + with_$1_config='$7' +fi + +$1_cflags= +$1_libs= + +case "$with_$1_config" in +yes|no|"") + ;; +*) + $1_cflags="`$with_$1_config --cflags 2>&1`" + $1_libs="`$with_$1_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_$1" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$[]$1_cflags" -a "$[]$1_libs"; then + CFLAGS="$[]$1_cflags $save_CFLAGS" + LIBS="$[]$1_libs $save_LIBS" + AC_TRY_LINK([$2],,[ + INCLUDE_$1="$[]$1_cflags" + LIB_$1="$[]$1_libs" + AC_MSG_RESULT([from $with_$1_config]) + found=yes]) + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + AC_TRY_COMPILE([$2],,ires=$i;break) + done + for i in $lib_dirs; do + LIBS="-L$i $3 $4 $save_LIBS" + AC_TRY_LINK([$2],,lres=$i;break) + done + if test "$ires" -a "$lres" -a "$with_$1" != "no"; then + INCLUDE_$1="-I$ires" + LIB_$1="-L$lres $3 $4" + found=yes + AC_MSG_RESULT([headers $ires, libraries $lres]) + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.]) + with_$1=yes +else + with_$1=no + INCLUDE_$1= + LIB_$1= + AC_MSG_RESULT(no) +fi + +AC_SUBST(INCLUDE_$1) +AC_SUBST(LIB_$1) +]) + +dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $ +dnl +dnl AC_FIND_FUNC(func, libraries, includes, arguments) +AC_DEFUN(AC_FIND_FUNC, [ +AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) +if test -n "$LIB_$1"; then + LIBS="$LIB_$1 $LIBS" +fi +]) + +dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $ +dnl +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [ +AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) + +dnl $Id: find-func-no-libs2.m4,v 1.6 2001/09/01 10:57:32 assar Exp $ +dnl +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [ + +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(ac_cv_funclib_$1, +[ +if eval "test \"\$ac_cv_func_$1\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in $2; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS="$6 $ac_lib $5 $ac_save_LIBS" + AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break) + done + eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" + LIBS="$ac_save_LIBS" +fi +]) + +eval "ac_res=\$ac_cv_funclib_$1" + +if false; then + AC_CHECK_FUNCS($1) +dnl AC_CHECK_LIBS($2, foo) +fi +# $1 +eval "ac_tr_func=HAVE_[]upcase($1)" +eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')" +eval "LIB_$1=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_$1=yes" + eval "LIB_$1=" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_MSG_RESULT([yes]) + ;; + no) + eval "ac_cv_func_$1=no" + eval "LIB_$1=" + AC_MSG_RESULT([no]) + ;; + *) + eval "ac_cv_func_$1=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_DEFINE_UNQUOTED($ac_tr_lib) + AC_MSG_RESULT([yes, in $ac_res]) + ;; +esac +AC_SUBST(LIB_$1) +]) + +dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $ +dnl +dnl test for crypto libraries: +dnl - libcrypto (from openssl) +dnl - libdes (from krb4) +dnl - own-built libdes + +m4_define([test_headers], [ + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + ]) +m4_define([test_body], [ + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0);]) + + +AC_DEFUN([KRB_CRYPTO],[ +crypto_lib=unknown +AC_WITH_ALL([openssl]) + +DIR_des= + +AC_MSG_CHECKING([for crypto library]) + +openssl=no +old_hash=no + +if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then + save_CPPFLAGS="$CPPFLAGS" + save_LIBS="$LIBS" + + cdirs= clibs= + for i in $LIB_krb4; do + case "$i" in + -L*) cdirs="$cdirs $i";; + -l*) clibs="$clibs $i";; + esac + done + + ires= + for i in $INCLUDE_krb4; do + CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" + AC_TRY_COMPILE(test_headers, test_body, + openssl=yes ires="$i"; break) + CFLAGS="$i $save_CFLAGS" + AC_TRY_COMPILE(test_headers, test_body, + openssl=no ires="$i"; break) + CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS" + AC_TRY_COMPILE(test_headers, test_body, + openssl=no ires="$i" old_hash=yes; break) + done + lres= + for i in $cdirs; do + for j in $clibs; do + LIBS="$i $j $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + lres="$i $j"; break 2) + done + done + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" + if test "$ires" -a "$lres"; then + INCLUDE_des="$ires" + LIB_des="$lres" + crypto_lib=krb4 + AC_MSG_RESULT([same as krb4]) + LIB_des_a='$(LIB_des)' + LIB_des_so='$(LIB_des)' + LIB_des_appl='$(LIB_des)' + fi +fi + +if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + INCLUDE_des= + LIB_des= + if test "$with_openssl_include" != ""; then + INCLUDE_des="-I${with_openssl}/include" + fi + if test "$with_openssl_lib" != ""; then + LIB_des="-L${with_openssl}/lib" + fi + CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}" + LIB_des="${LIB_des} -lcrypto" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + AC_TRY_LINK(test_headers, test_body, [ + crypto_lib=libcrypto openssl=yes + AC_MSG_RESULT([libcrypto]) + ]) + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$crypto_lib" = "unknown"; then + + DIR_des='des' + LIB_des='$(top_builddir)/lib/des/libdes.la' + LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a' + LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so' + LIB_des_appl="-ldes" + + AC_MSG_RESULT([included libdes]) + +fi + +if test "$with_krb4" != no -a "$crypto_lib" != krb4; then + AC_MSG_ERROR([the crypto library used by krb4 lacks features +required by Kerberos 5; to continue, you need to install a newer +Kerberos 4 or configure --without-krb4]) +fi + +if test "$openssl" = "yes"; then + AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) +fi +if test "$old_hash" = yes; then + AC_DEFINE([HAVE_OLD_HASH_NAMES], 1, + [define if you have hash functions like md4_finito()]) +fi +AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl + +AC_SUBST(DIR_des) +AC_SUBST(INCLUDE_des) +AC_SUBST(LIB_des) +AC_SUBST(LIB_des_a) +AC_SUBST(LIB_des_so) +AC_SUBST(LIB_des_appl) +]) + +dnl +dnl $Id: with-all.m4,v 1.1 2001/08/29 17:01:23 assar Exp $ +dnl + +dnl AC_WITH_ALL(name) + +AC_DEFUN([AC_WITH_ALL], [ +AC_ARG_WITH($1, + AC_HELP_STRING([--with-$1=dir], + [use $1 in dir])) + +AC_ARG_WITH($1-lib, + AC_HELP_STRING([--with-$1-lib=dir], + [use $1 libraries in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) + +AC_ARG_WITH($1-include, + AC_HELP_STRING([--with-$1-include=dir], + [use $1 headers in dir]), +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi]) + +case "$with_$1" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_$1_include" = ""; then + with_$1_include="$with_$1/include" + fi + if test "$with_$1_lib" = ""; then + with_$1_lib="$with_$1/lib$abilibdirext" + fi + ;; +esac +]) +dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $ dnl dnl tests for various db libraries dnl @@ -4747,86 +5166,18 @@ AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl -DBLIB="$LDFLAGS $DBLIB" +z="" +for i in $LDFLAGS; do + case "$i" in + -L*) z="$z $i";; + esac +done +DBLIB="$z $DBLIB" AC_SUBST(DBLIB)dnl AC_SUBST(LIB_NDBM)dnl ]) -dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $ -dnl -dnl -dnl Look for function in any of the specified libraries -dnl - -dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) -AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [ -AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) - -dnl $Id: find-func-no-libs2.m4,v 1.6 2001/09/01 10:57:32 assar Exp $ -dnl -dnl -dnl Look for function in any of the specified libraries -dnl - -dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) -AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [ - -AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(ac_cv_funclib_$1, -[ -if eval "test \"\$ac_cv_func_$1\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in $2; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS="$6 $ac_lib $5 $ac_save_LIBS" - AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break) - done - eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" - LIBS="$ac_save_LIBS" -fi -]) - -eval "ac_res=\$ac_cv_funclib_$1" - -if false; then - AC_CHECK_FUNCS($1) -dnl AC_CHECK_LIBS($2, foo) -fi -# $1 -eval "ac_tr_func=HAVE_[]upcase($1)" -eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')" -eval "LIB_$1=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_$1=yes" - eval "LIB_$1=" - AC_DEFINE_UNQUOTED($ac_tr_func) - AC_MSG_RESULT([yes]) - ;; - no) - eval "ac_cv_func_$1=no" - eval "LIB_$1=" - AC_MSG_RESULT([no]) - ;; - *) - eval "ac_cv_func_$1=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - AC_DEFINE_UNQUOTED($ac_tr_func) - AC_DEFINE_UNQUOTED($ac_tr_lib) - AC_MSG_RESULT([yes, in $ac_res]) - ;; -esac -AC_SUBST(LIB_$1) -]) - -dnl $Id: roken-frag.m4,v 1.42 2002/08/26 13:26:52 assar Exp $ +dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $ dnl dnl some code to get roken working dnl @@ -4897,6 +5248,7 @@ AC_CHECK_HEADERS([\ shadow.h \ sys/bswap.h \ sys/ioctl.h \ + sys/mman.h \ sys/param.h \ sys/proc.h \ sys/resource.h \ @@ -4954,6 +5306,24 @@ AC_FIND_FUNC(res_search, resolv, ], [0,0,0,0,0]) +AC_FIND_FUNC(res_nsearch, resolv, +[ +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif +], +[0,0,0,0,0]) + AC_FIND_FUNC(dn_expand, resolv, [ #include <stdio.h> @@ -5033,6 +5403,8 @@ fi AC_REQUIRE([AC_FUNC_GETLOGIN]) +AC_REQUIRE([AC_FUNC_MMAP]) + AC_FIND_FUNC_NO_LIBS(getsockopt,, [#ifdef HAVE_SYS_TYPES_H #include <sys/types.h> @@ -5540,16 +5912,6 @@ if false;then fi ]) -dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $ -dnl -dnl AC_FIND_FUNC(func, libraries, includes, arguments) -AC_DEFUN(AC_FIND_FUNC, [ -AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) -if test -n "$LIB_$1"; then - LIBS="$LIB_$1 $LIBS" -fi -]) - dnl $Id: krb-ipv6.m4,v 1.13 2002/04/30 16:48:13 joda Exp $ dnl dnl test for IPv6 @@ -6104,132 +6466,6 @@ if test "$ac_cv_struct_spwd" = "yes"; then fi ]) -dnl $Id: test-package.m4,v 1.11 2002/08/28 19:30:48 joda Exp $ -dnl -dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs, -dnl default locations, conditional, config-program) - -AC_DEFUN(rk_TEST_PACKAGE,[ -AC_ARG_WITH($1, - AC_HELP_STRING([--with-$1=dir],[use $1 in dir])) -AC_ARG_WITH($1-lib, - AC_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]), -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-lib]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi]) -AC_ARG_WITH($1-include, - AC_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]), -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-include]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi]) -AC_ARG_WITH($1-config, - AC_HELP_STRING([--with-$1-config=path],[config program for $1])) - -m4_ifval([$6], - m4_define([rk_pkgname], $6), - m4_define([rk_pkgname], AS_TR_CPP($1))) - -AC_MSG_CHECKING(for $1) - -case "$with_$1" in -yes|"") d='$5' ;; -no) d= ;; -*) d="$with_$1" ;; -esac - -header_dirs= -lib_dirs= -for i in $d; do - if test "$with_$1_include" = ""; then - if test -d "$i/include/$1"; then - header_dirs="$header_dirs $i/include/$1" - fi - if test -d "$i/include"; then - header_dirs="$header_dirs $i/include" - fi - fi - if test "$with_$1_lib" = ""; then - if test -d "$i/lib$abilibdirext"; then - lib_dirs="$lib_dirs $i/lib$abilibdirext" - fi - fi -done - -if test "$with_$1_include"; then - header_dirs="$with_$1_include $header_dirs" -fi -if test "$with_$1_lib"; then - lib_dirs="$with_$1_lib $lib_dirs" -fi - -if test "$with_$1_config" = ""; then - with_$1_config='$7' -fi - -$1_cflags= -$1_libs= - -case "$with_$1_config" in -yes|no|"") - ;; -*) - $1_cflags="`$with_$1_config --cflags 2>&1`" - $1_libs="`$with_$1_config --libs 2>&1`" - ;; -esac - -found=no -if test "$with_$1" != no; then - save_CFLAGS="$CFLAGS" - save_LIBS="$LIBS" - if test "$[]$1_cflags" -a "$[]$1_libs"; then - CFLAGS="$[]$1_cflags $save_CFLAGS" - LIBS="$[]$1_libs $save_LIBS" - AC_TRY_LINK([$2],,[ - INCLUDE_$1="$[]$1_cflags" - LIB_$1="$[]$1_libs" - AC_MSG_RESULT([from $with_$1_config]) - found=yes]) - fi - if test "$found" = no; then - ires= lres= - for i in $header_dirs; do - CFLAGS="-I$i $save_CFLAGS" - AC_TRY_COMPILE([$2],,ires=$i;break) - done - for i in $lib_dirs; do - LIBS="-L$i $3 $4 $save_LIBS" - AC_TRY_LINK([$2],,lres=$i;break) - done - if test "$ires" -a "$lres" -a "$with_$1" != "no"; then - INCLUDE_$1="-I$ires" - LIB_$1="-L$lres $3" - found=yes - AC_MSG_RESULT([headers $ires, libraries $lres]) - fi - fi - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" -fi - -if test "$found" = yes; then - AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.]) - with_$1=yes -else - with_$1=no - INCLUDE_$1= - LIB_$1= - AC_MSG_RESULT(no) -fi - -AC_SUBST(INCLUDE_$1) -AC_SUBST(LIB_$1) -]) - dnl $Id: otp.m4,v 1.2 2002/05/19 20:51:08 joda Exp $ dnl dnl check requirements for OTP library @@ -6688,247 +6924,6 @@ if test "$ac_cv_func_getpwnam_r_posix" = yes; then fi fi ]) -dnl $Id: crypto.m4,v 1.11 2002/08/28 23:09:05 assar Exp $ -dnl -dnl test for crypto libraries: -dnl - libcrypto (from openssl) -dnl - libdes (from krb4) -dnl - own-built libdes - -AC_DEFUN([KRB_CRYPTO],[ -crypto_lib=unknown -AC_WITH_ALL([openssl]) - -DIR_des= - -AC_MSG_CHECKING([for crypto library]) - -openssl=no -if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then - - save_CPPFLAGS="$CPPFLAGS" - save_LIBS="$LIBS" - INCLUDE_des= - LIB_des= - if test "$with_openssl_include" != ""; then - INCLUDE_des="-I${with_openssl}/include" - fi - if test "$with_openssl_lib" != ""; then - LIB_des="-L${with_openssl}/lib" - fi - CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}" - LIB_des="${LIB_des} -lcrypto" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" - LIBS="${LIBS} ${LIB_des}" - AC_TRY_LINK([ - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - ], - [ - void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, schedule, 0, 0); - RC4(0, 0, 0, 0); - ], [ - crypto_lib=libcrypto openssl=yes - AC_MSG_RESULT([libcrypto])]) - CPPFLAGS="$save_CPPFLAGS" - LIBS="$save_LIBS" -fi - -if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then - save_CPPFLAGS="$CPPFLAGS" - save_LIBS="$LIBS" - - cdirs= clibs= - for i in $LIB_krb4; do - case "$i" in - -L*) cdirs="$cdirs $i";; - -l*) clibs="$clibs $i";; - esac - done - - ires= - for i in $INCLUDE_krb4; do - CFLAGS="$i $save_CFLAGS" - AC_TRY_COMPILE([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],openssl=yes ires="$i"; break) - AC_TRY_COMPILE([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],ires="$i"; break) - done - lres= - for i in $cdirs; do - for j in $clibs; do - LIBS="$i $j $save_LIBS" - if test "$openssl" = yes; then - AC_TRY_LINK([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],lres="$i $j"; break 2) - else - AC_TRY_LINK([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],lres="$i $j"; break 2) - fi - done - done - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" - if test "$ires" -a "$lres"; then - INCLUDE_des="$ires" - LIB_des="$lres" - crypto_lib=krb4 - AC_MSG_RESULT([same as krb4]) - LIB_des_a='$(LIB_des)' - LIB_des_so='$(LIB_des)' - LIB_des_appl='$(LIB_des)' - fi -fi - -if test "$crypto_lib" = "unknown"; then - - DIR_des='des' - LIB_des='$(top_builddir)/lib/des/libdes.la' - LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a' - LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so' - LIB_des_appl="-ldes" - - AC_MSG_RESULT([included libdes]) - -fi - -if test "$openssl" = "yes"; then - AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) -fi -AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl - -AC_SUBST(DIR_des) -AC_SUBST(INCLUDE_des) -AC_SUBST(LIB_des) -AC_SUBST(LIB_des_a) -AC_SUBST(LIB_des_so) -AC_SUBST(LIB_des_appl) -]) - -dnl -dnl $Id: with-all.m4,v 1.1 2001/08/29 17:01:23 assar Exp $ -dnl - -dnl AC_WITH_ALL(name) - -AC_DEFUN([AC_WITH_ALL], [ -AC_ARG_WITH($1, - AC_HELP_STRING([--with-$1=dir], - [use $1 in dir])) - -AC_ARG_WITH($1-lib, - AC_HELP_STRING([--with-$1-lib=dir], - [use $1 libraries in dir]), -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-lib]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi]) - -AC_ARG_WITH($1-include, - AC_HELP_STRING([--with-$1-include=dir], - [use $1 headers in dir]), -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-include]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi]) - -case "$with_$1" in -yes) ;; -no) ;; -"") ;; -*) if test "$with_$1_include" = ""; then - with_$1_include="$with_$1/include" - fi - if test "$with_$1_lib" = ""; then - with_$1_lib="$with_$1/lib$abilibdirext" - fi - ;; -esac -]) dnl $Id: krb-readline.m4,v 1.5 2002/08/29 02:22:32 assar Exp $ dnl dnl Tests for readline functions @@ -7126,19 +7121,25 @@ AC_SUBST(LIB_com_err_so) ]) -dnl $Id: auth-modules.m4,v 1.3 2002/08/28 15:04:57 nectar Exp $ +dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $ dnl dnl Figure what authentication modules should be built +dnl +dnl rk_AUTH_MODULES(module-list) -AC_DEFUN(AC_AUTH_MODULES,[ -AC_MSG_CHECKING(which authentication modules should be built) +AC_DEFUN(rk_AUTH_MODULES,[ +AC_MSG_CHECKING([which authentication modules should be built]) +z='m4_ifval([$1], $1, [sia pam afskauthlib])' LIB_AUTH_SUBDIRS= - +for i in $z; do +case $i in +sia) if test "$ac_cv_header_siad_h" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" fi - +;; +pam) case "${host}" in *-*-freebsd*) ac_cv_want_pam_krb4=no ;; *) ac_cv_want_pam_krb4=yes ;; @@ -7149,12 +7150,19 @@ if test "$ac_cv_want_pam_krb4" = yes -a \ "$enable_shared" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" fi - +;; +afskauthlib) case "${host}" in *-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; esac - -AC_MSG_RESULT($LIB_AUTH_SUBDIRS) +;; +esac +done +if test "$LIB_AUTH_SUBDIRS"; then + AC_MSG_RESULT($LIB_AUTH_SUBDIRS) +else + AC_MSG_RESULT(none) +fi AC_SUBST(LIB_AUTH_SUBDIRS)dnl ]) diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c index 8f8c4e3..a600380 100644 --- a/crypto/heimdal/admin/add.c +++ b/crypto/heimdal/admin/add.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$Id: add.c,v 1.3 2001/07/23 09:46:40 joda Exp $"); +RCSID("$Id: add.c,v 1.5 2002/09/10 19:26:52 joda Exp $"); int kt_add(int argc, char **argv) diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog index 3d4e6ed..92e0041 100644 --- a/crypto/heimdal/appl/ftp/ChangeLog +++ b/crypto/heimdal/appl/ftp/ChangeLog @@ -1,3 +1,11 @@ +2002-09-05 Johan Danielsson <joda@pdc.kth.se> + + * ftp/security.c (sec_vfprintf): free encoded data + + * ftp/gssapi.c (gss_decode): release buffer + + * ftp/ftp.c (active_mode): no need to allocate buffer for EPRT + 2002-08-28 Johan Danielsson <joda@pdc.kth.se> * ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD) diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.c b/crypto/heimdal/appl/ftp/ftp/ftp.c index 1ae92d7..fcf0bc4 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp.c +++ b/crypto/heimdal/appl/ftp/ftp/ftp.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID ("$Id: ftp.c,v 1.73 2002/08/28 16:10:39 joda Exp $"); +RCSID ("$Id: ftp.c,v 1.74 2002/09/04 22:00:12 joda Exp $"); struct sockaddr_storage hisctladdr_ss; struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; @@ -1284,7 +1284,6 @@ noport: if (listen (data, 1) < 0) warn ("listen"); if (sendport) { - char *cmd; char addr_str[256]; int inet_af; int overbose; @@ -1305,15 +1304,14 @@ noport: errx (1, "bad address family %d", data_addr->sa_family); } - asprintf (&cmd, "EPRT |%d|%s|%d|", - inet_af, addr_str, ntohs(socket_get_port (data_addr))); overbose = verbose; if (debug == 0) verbose = -1; - result = command (cmd); - + result = command ("EPRT |%d|%s|%d|", + inet_af, addr_str, + ntohs(socket_get_port (data_addr))); verbose = overbose; if (result == ERROR) { diff --git a/crypto/heimdal/appl/ftp/ftp/gssapi.c b/crypto/heimdal/appl/ftp/ftp/gssapi.c index 3f07f16..af04c1a 100644 --- a/crypto/heimdal/appl/ftp/ftp/gssapi.c +++ b/crypto/heimdal/appl/ftp/ftp/gssapi.c @@ -39,7 +39,7 @@ #include <gssapi.h> #include <krb5_err.h> -RCSID("$Id: gssapi.c,v 1.19 2002/08/20 12:47:45 joda Exp $"); +RCSID("$Id: gssapi.c,v 1.20 2002/09/04 22:00:50 joda Exp $"); struct gss_data { gss_ctx_id_t context_hdl; @@ -81,6 +81,7 @@ gss_decode(void *app_data, void *buf, int len, int level) gss_qop_t qop_state; int conf_state; struct gss_data *d = app_data; + size_t ret_len; input.length = len; input.value = buf; @@ -93,7 +94,9 @@ gss_decode(void *app_data, void *buf, int len, int level) if(GSS_ERROR(maj_stat)) return -1; memmove(buf, output.value, output.length); - return output.length; + ret_len = output.length; + gss_release_buffer(&min_stat, &output); + return ret_len; } static int diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c index a8fff1d..db67775 100644 --- a/crypto/heimdal/appl/ftp/ftp/security.c +++ b/crypto/heimdal/appl/ftp/ftp/security.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -37,7 +37,7 @@ #include "ftp_locl.h" #endif -RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $"); +RCSID("$Id: security.c,v 1.19 2002/09/04 22:01:28 joda Exp $"); static enum protection_level command_prot; static enum protection_level data_prot; @@ -387,9 +387,11 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap) return -1; } if(base64_encode(enc, len, &buf) < 0){ + free(enc); printf("Out of memory base64-encoding.\n"); return -1; } + free(enc); #ifdef FTP_SERVER if(command_prot == prot_safe) fprintf(f, "631 %s\r\n", buf); diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c index 3288dae..190101b 100644 --- a/crypto/heimdal/appl/kf/kf.c +++ b/crypto/heimdal/appl/kf/kf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,13 +32,13 @@ */ #include "kf_locl.h" -RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $"); +RCSID("$Id: kf.c,v 1.17 2002/09/05 15:00:03 joda Exp $"); krb5_context context; static int help_flag; static int version_flag; static char *port_str; -const char *service = SERVICE; +const char *service = KF_SERVICE; const char *remote_name = NULL; int forwardable = 0; const char *ccache_name = NULL; @@ -107,7 +107,7 @@ client_setup(krb5_context *context, int *argc, char **argv) } if (port == 0) - port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM); + port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM); if(*argc - optind < 1) usage(1, args, num_args); @@ -122,22 +122,19 @@ client_setup(krb5_context *context, int *argc, char **argv) */ static int -proto (int sock, const char *hostname, const char *service) +proto (int sock, const char *hostname, const char *service, + char *message, size_t len) { krb5_auth_context auth_context; krb5_error_code status; krb5_principal server; krb5_data data; - krb5_data packet; krb5_data data_send; - u_int32_t len, net_len; krb5_ccache ccache; krb5_creds creds; krb5_kdc_flags flags; krb5_principal principal; - char ret_string[10]; - ssize_t n; status = krb5_auth_con_init (context, &auth_context); if (status) { @@ -166,10 +163,10 @@ proto (int sock, const char *hostname, const char *service) status = krb5_sendauth (context, &auth_context, &sock, - VERSION, + KF_VERSION_1, NULL, server, - AP_OPTS_MUTUAL_REQUIRED, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, NULL, NULL, NULL, @@ -181,27 +178,19 @@ proto (int sock, const char *hostname, const char *service) return 1; } - if (remote_name == NULL) { - remote_name = get_default_username (); - if (remote_name == NULL) - errx (1, "who are you?"); - } + if (ccache_name == NULL) + ccache_name = ""; - krb5_data_zero(&data_send); data_send.data = (void *)remote_name; data_send.length = strlen(remote_name) + 1; - status = krb5_write_message(context, &sock, &data_send); + status = krb5_write_priv_message(context, auth_context, &sock, &data_send); if (status) { krb5_warn (context, status, "krb5_write_message"); return 1; } - - if (ccache_name == NULL) - ccache_name = ""; - data_send.data = (void *)ccache_name; data_send.length = strlen(ccache_name)+1; - status = krb5_write_message(context, &sock, &data_send); + status = krb5_write_priv_message(context, auth_context, &sock, &data_send); if (status) { krb5_warn (context, status, "krb5_write_message"); return 1; @@ -223,16 +212,15 @@ proto (int sock, const char *hostname, const char *service) creds.client = principal; - status = krb5_build_principal (context, - &creds.server, - strlen(principal->realm), - principal->realm, - KRB5_TGS_NAME, - principal->realm, - NULL); + status = krb5_make_principal (context, + &creds.server, + principal->realm, + KRB5_TGS_NAME, + principal->realm, + NULL); if (status) { - krb5_warn (context, status, "krb5_build_principal"); + krb5_warn (context, status, "krb5_make_principal"); return 1; } @@ -254,60 +242,36 @@ proto (int sock, const char *hostname, const char *service) return 1; } - status = krb5_mk_priv (context, - auth_context, - &data, - &packet, - NULL); + status = krb5_write_priv_message(context, auth_context, &sock, &data); + if (status) { krb5_warn (context, status, "krb5_mk_priv"); return 1; } - len = packet.length; - net_len = htonl(len); - - if (krb5_net_write (context, &sock, &net_len, 4) != 4) { - krb5_warn (context, errno, "krb5_net_write"); - return 1; - } - if (krb5_net_write (context, &sock, packet.data, len) != len) { - krb5_warn (context, errno, "krb5_net_write"); - return 1; - } - krb5_data_free (&data); - n = krb5_net_read (context, &sock, &net_len, 4); - if (n == 0) { - krb5_warnx (context, "EOF in krb5_net_read"); - return 1; - } - if (n < 0) { - krb5_warn (context, errno, "krb5_net_read"); - return 1; - } - len = ntohl(net_len); - if (len >= sizeof(ret_string)) { - krb5_warnx (context, "too long string back from %s", hostname); - return 1; - } - n = krb5_net_read (context, &sock, ret_string, len); - if (n == 0) { - krb5_warnx (context, "EOF in krb5_net_read"); + status = krb5_read_priv_message(context, auth_context, &sock, &data); + if (status) { + krb5_warn (context, status, "krb5_mk_priv"); return 1; } - if (n < 0) { - krb5_warn (context, errno, "krb5_net_read"); - return 1; + if(data.length >= len) { + krb5_warnx (context, "returned string is too long, truncating"); + memcpy(message, data.data, len); + message[len - 1] = '\0'; + } else { + memcpy(message, data.data, data.length); + message[data.length] = '\0'; } - ret_string[sizeof(ret_string) - 1] = '\0'; + krb5_data_free (&data); - return(strcmp(ret_string,"ok")); + return(strcmp(message, "ok")); } static int -doit (const char *hostname, int port, const char *service) +doit (const char *hostname, int port, const char *service, + char *message, size_t len) { struct addrinfo *ai, *a; struct addrinfo hints; @@ -337,7 +301,7 @@ doit (const char *hostname, int port, const char *service) continue; } freeaddrinfo (ai); - return proto (s, hostname, service); + return proto (s, hostname, service, message, len); } warnx ("failed to contact %s", hostname); freeaddrinfo (ai); @@ -353,9 +317,19 @@ main(int argc, char **argv) argcc = argc; port = client_setup(&context, &argcc, argv); + if (remote_name == NULL) { + remote_name = get_default_username (); + if (remote_name == NULL) + errx (1, "who are you?"); + } + for (i = argcc;i < argc; i++) { - ret = doit (argv[i], port, service); - warnx ("%s %s", argv[i], ret ? "failed" : "ok"); + char message[128]; + ret = doit (argv[i], port, service, message, sizeof(message)); + if(ret == 0) + warnx ("%s: ok", argv[i]); + else + warnx ("%s: failed: %s", argv[i], message); } return(ret); } diff --git a/crypto/heimdal/appl/kf/kf_locl.h b/crypto/heimdal/appl/kf/kf_locl.h index 29f5941..0a6a28f 100644 --- a/crypto/heimdal/appl/kf/kf_locl.h +++ b/crypto/heimdal/appl/kf/kf_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kf_locl.h,v 1.2 1999/12/02 17:04:55 joda Exp $ */ +/* $Id: kf_locl.h,v 1.3 2002/09/04 20:29:04 joda Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -74,7 +74,8 @@ #include <err.h> #include <krb5.h> -#define SERVICE "host" +#define KF_SERVICE "host" -#define PORT "kf" -#define PORT_NUM 2110 +#define KF_PORT_NAME "kf" +#define KF_PORT_NUM 2110 +#define KF_VERSION_1 "KFWDV0.1" diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c index 6dc2666..7f6ea28 100644 --- a/crypto/heimdal/appl/kf/kfd.c +++ b/crypto/heimdal/appl/kf/kfd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "kf_locl.h" -RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $"); +RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $"); krb5_context context; char krb5_tkfile[MAXPATHLEN]; @@ -40,7 +40,7 @@ char krb5_tkfile[MAXPATHLEN]; static int help_flag; static int version_flag; static char *port_str; -char *service = SERVICE; +char *service = KF_SERVICE; int do_inetd = 0; static char *regpag_str=NULL; @@ -92,7 +92,7 @@ server_setup(krb5_context *context, int argc, char **argv) } if (port == 0) - port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM); + port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM); if(argv[local_argc] != NULL) usage(1, args, num_args); @@ -100,26 +100,23 @@ server_setup(krb5_context *context, int argc, char **argv) return port; } -static void -syslog_and_die (const char *m, ...) -{ - va_list args; +static int protocol_version; - va_start(args, m); - vsyslog (LOG_ERR, m, args); - va_end(args); - exit (1); -} - -static void -syslog_and_cont (const char *m, ...) +static krb5_boolean +kfd_match_version(const void *arg, const char *version) { - va_list args; - - va_start(args, m); - vsyslog (LOG_ERR, m, args); - va_end(args); - return; + if(strcmp(version, KF_VERSION_1) == 0) { + protocol_version = 1; + return TRUE; + } else if (strlen(version) == 4 && + version[0] == '0' && + version[1] == '.' && + (version[2] == '4' || version[2] == '3') && + islower(version[3])) { + protocol_version = 0; + return TRUE; + } + return FALSE; } static int @@ -132,31 +129,25 @@ proto (int sock, const char *service) char *name; char ret_string[10]; char hostname[MAXHOSTNAMELEN]; - krb5_data packet; krb5_data data; krb5_data remotename; krb5_data tk_file; - - u_int32_t len, net_len; krb5_ccache ccache; char ccname[MAXPATHLEN]; struct passwd *pwd; - ssize_t n; status = krb5_auth_con_init (context, &auth_context); if (status) - syslog_and_die("krb5_auth_con_init: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_auth_con_init"); status = krb5_auth_con_setaddrs_from_fd (context, auth_context, &sock); if (status) - syslog_and_die("krb5_auth_con_setaddr: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_auth_con_setaddr"); if(gethostname (hostname, sizeof(hostname)) < 0) - syslog_and_die("gethostname: %s",strerror(errno)); + krb5_err(context, 1, errno, "gethostname"); status = krb5_sname_to_principal (context, hostname, @@ -164,88 +155,80 @@ proto (int sock, const char *service) KRB5_NT_SRV_HST, &server); if (status) - syslog_and_die("krb5_sname_to_principal: %s", - krb5_get_err_text(context, status)); - - status = krb5_recvauth (context, - &auth_context, - &sock, - VERSION, - server, - 0, - NULL, - &ticket); + krb5_err(context, 1, status, "krb5_sname_to_principal"); + + status = krb5_recvauth_match_version (context, + &auth_context, + &sock, + kfd_match_version, + NULL, + server, + 0, + NULL, + &ticket); if (status) - syslog_and_die("krb5_recvauth: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_recvauth"); status = krb5_unparse_name (context, ticket->client, &name); if (status) - syslog_and_die("krb5_unparse_name: %s", - krb5_get_err_text(context, status)); - - status=krb5_read_message (context, &sock, &remotename); - if (status) { - syslog_and_die("krb5_read_message: %s", - krb5_get_err_text(context, status)); - } - status=krb5_read_message (context, &sock, &tk_file); - if (status) { - syslog_and_die("krb5_read_message: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_unparse_name"); + + if(protocol_version == 0) { + data.data = "old clnt"; /* XXX old clients only had room for + 10 bytes of message, and also + didn't show it to the user */ + data.length = strlen(data.data) + 1; + krb5_write_message(context, &sock, &data); + sleep(2); /* XXX give client time to finish */ + krb5_errx(context, 1, "old client; exiting"); } + status=krb5_read_priv_message (context, auth_context, + &sock, &remotename); + if (status) + krb5_err(context, 1, status, "krb5_read_message"); + status=krb5_read_priv_message (context, auth_context, + &sock, &tk_file); + if (status) + krb5_err(context, 1, status, "krb5_read_message"); + krb5_data_zero (&data); - krb5_data_zero (&packet); - - n = krb5_net_read (context, &sock, &net_len, 4); - if (n < 0) - syslog_and_die("krb5_net_read: %s", strerror(errno)); - if (n == 0) - syslog_and_die("EOF in krb5_net_read"); - - len = ntohl(net_len); - krb5_data_alloc (&packet, len); - n = krb5_net_read (context, &sock, packet.data, len); - if (n < 0) - syslog_and_die("krb5_net_read: %s", strerror(errno)); - if (n == 0) - syslog_and_die("EOF in krb5_net_read"); - - status = krb5_rd_priv (context, - auth_context, - &packet, - &data, - NULL); + + if(((char*)remotename.data)[remotename.length-1] != '\0') + krb5_errx(context, 1, "unterminated received"); + if(((char*)tk_file.data)[tk_file.length-1] != '\0') + krb5_errx(context, 1, "unterminated received"); + + status = krb5_read_priv_message(context, auth_context, &sock, &data); + if (status) { - syslog_and_cont("krb5_rd_priv: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, errno, "krb5_read_priv_message"); goto out; } pwd = getpwnam ((char *)(remotename.data)); if (pwd == NULL) { status=1; - syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data)); + krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data)); goto out; } if(!krb5_kuserok (context, - ticket->client, - (char *)(remotename.data))) { + ticket->client, + (char *)(remotename.data))) { status=1; - syslog_and_cont("krb5_kuserok: permission denied"); + krb5_warnx(context, "krb5_kuserok: permission denied"); goto out; } if (setgid(pwd->pw_gid) < 0) { - syslog_and_cont ("setgid: %s", strerror(errno)); + krb5_warn(context, errno, "setgid"); goto out; } if (setuid(pwd->pw_uid) < 0) { - syslog_and_cont ("setuid: %s", strerror(errno)); + krb5_warn(context, errno, "setuid"); goto out; } @@ -256,49 +239,41 @@ proto (int sock, const char *service) status = krb5_cc_resolve (context, ccname, &ccache); if (status) { - syslog_and_cont("krb5_cc_resolve: %s", - krb5_get_err_text(context, status)); + krb5_warn(context, status, "krb5_cc_resolve"); goto out; } status = krb5_cc_initialize (context, ccache, ticket->client); if (status) { - syslog_and_cont("krb5_cc_initialize: %s", - krb5_get_err_text(context, status)); + krb5_warn(context, status, "krb5_cc_initialize"); goto out; } status = krb5_rd_cred2 (context, auth_context, ccache, &data); krb5_cc_close (context, ccache); if (status) { - syslog_and_cont("krb5_rd_cred: %s", - krb5_get_err_text(context, status)); + krb5_warn(context, status, "krb5_rd_cred"); goto out; } strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile)); - syslog_and_cont("%s forwarded ticket to %s,%s", - name, - (char *)(remotename.data),ccname); -out: + krb5_warnx(context, "%s forwarded ticket to %s,%s", + name, + (char *)(remotename.data),ccname); + out: if (status) { strcpy(ret_string, "no"); - syslog_and_cont("failed"); + krb5_warnx(context, "failed"); } else { strcpy(ret_string, "ok"); } krb5_data_free (&tk_file); krb5_data_free (&remotename); - krb5_data_free (&packet); krb5_data_free (&data); free(name); - len = strlen(ret_string) + 1; - net_len = htonl(len); - if (krb5_net_write (context, &sock, &net_len, 4) != 4) - return 1; - if (krb5_net_write (context, &sock, ret_string, len) != len) - return 1; - return status; + data.data = ret_string; + data.length = strlen(ret_string) + 1; + return krb5_write_priv_message(context, auth_context, &sock, &data); } static int @@ -314,10 +289,16 @@ main(int argc, char **argv) { int port; int ret; + krb5_log_facility *fac; setprogname (argv[0]); roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH); port = server_setup(&context, argc, argv); + ret = krb5_openlog(context, "kfd", &fac); + if(ret) krb5_err(context, 1, ret, "krb5_openlog"); + ret = krb5_set_warn_dest(context, fac); + if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest"); + ret = doit (port, service); closelog(); if (ret == 0 && regpag_str != NULL) diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog index 983bccf..ddac74f 100644 --- a/crypto/heimdal/appl/rsh/ChangeLog +++ b/crypto/heimdal/appl/rsh/ChangeLog @@ -1,3 +1,27 @@ +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * rsh.c: free some memory + +2002-09-04 Assar Westerlund <assar@kth.se> + + * common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * rsh.1: document -P + +2002-09-03 Johan Danielsson <joda@pdc.kth.se> + + * rsh.c: revert to protocol v1 if not asked for specific protocol + + * rshd.c: handle protocol version 2 + + * rsh.c: handle protocol version 2 + + * common.c: handle protocol version 2 + + * rsh_locl.h: handle protocol version 2 + 2002-02-18 Johan Danielsson <joda@pdc.kth.se> * rshd.c: don't show options that doesn't apply diff --git a/crypto/heimdal/appl/rsh/common.c b/crypto/heimdal/appl/rsh/common.c index 686e681..69b0c9b 100644 --- a/crypto/heimdal/appl/rsh/common.c +++ b/crypto/heimdal/appl/rsh/common.c @@ -32,14 +32,40 @@ */ #include "rsh_locl.h" -RCSID("$Id: common.c,v 1.14 2002/02/18 20:01:05 joda Exp $"); +RCSID("$Id: common.c,v 1.16 2002/09/04 15:50:36 assar Exp $"); #if defined(KRB4) || defined(KRB5) +#ifdef KRB5 +int key_usage = 1026; + +void *ivec_in[2]; +void *ivec_out[2]; + +void +init_ivecs(int client) +{ + size_t blocksize; + + krb5_crypto_getblocksize(context, crypto, &blocksize); + + ivec_in[0] = malloc(blocksize); + memset(ivec_in[0], client, blocksize); + + ivec_in[1] = malloc(blocksize); + memset(ivec_in[1], 2 | client, blocksize); + + ivec_out[0] = malloc(blocksize); + memset(ivec_out[0], !client, blocksize); + + ivec_out[1] = malloc(blocksize); + memset(ivec_out[1], 2 | !client, blocksize); +} +#endif + + ssize_t -do_read (int fd, - void *buf, - size_t sz) +do_read (int fd, void *buf, size_t sz, void *ivec) { if (do_encrypt) { #ifdef KRB4 @@ -61,7 +87,11 @@ do_read (int fd, len = ntohl(len); if (len > sz) abort (); - outer_len = krb5_get_wrapped_length (context, crypto, len); + /* ivec will be non null for protocol version 2 */ + if(ivec != NULL) + outer_len = krb5_get_wrapped_length (context, crypto, len + 4); + else + outer_len = krb5_get_wrapped_length (context, crypto, len); edata = malloc (outer_len); if (edata == NULL) errx (1, "malloc: cannot allocate %u bytes", outer_len); @@ -69,13 +99,22 @@ do_read (int fd, if (ret <= 0) return ret; - status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, - edata, outer_len, &data); + status = krb5_decrypt_ivec(context, crypto, key_usage, + edata, outer_len, &data, ivec); free (edata); if (status) - errx (1, "%s", krb5_get_err_text (context, status)); - memcpy (buf, data.data, len); + krb5_err (context, 1, status, "decrypting data"); + if(ivec != NULL) { + unsigned long l; + if(data.length < len + 4) + errx (1, "data received is too short"); + _krb5_get_int(data.data, &l, 4); + if(l != len) + errx (1, "inconsistency in received data"); + memcpy (buf, (unsigned char *)data.data+4, len); + } else + memcpy (buf, data.data, len); krb5_data_free (&data); return len; } else @@ -86,7 +125,7 @@ do_read (int fd, } ssize_t -do_write (int fd, void *buf, size_t sz) +do_write (int fd, void *buf, size_t sz, void *ivec) { if (do_encrypt) { #ifdef KRB4 @@ -98,20 +137,27 @@ do_write (int fd, void *buf, size_t sz) if(auth_method == AUTH_KRB5) { krb5_error_code status; krb5_data data; - u_int32_t len; + unsigned char len[4]; int ret; - status = krb5_encrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, - buf, sz, &data); - - if (status) - errx (1, "%s", krb5_get_err_text(context, status)); + _krb5_put_int(len, sz, 4); + if(ivec != NULL) { + unsigned char *tmp = malloc(sz + 4); + if(tmp == NULL) + err(1, "malloc"); + _krb5_put_int(tmp, sz, 4); + memcpy(tmp + 4, buf, sz); + status = krb5_encrypt_ivec(context, crypto, key_usage, + tmp, sz + 4, &data, ivec); + free(tmp); + } else + status = krb5_encrypt_ivec(context, crypto, key_usage, + buf, sz, &data, ivec); - assert (krb5_get_wrapped_length (context, crypto, - sz) == data.length); + if (status) + krb5_err(context, 1, status, "encrypting data"); - len = htonl(sz); - ret = krb5_net_write (context, &fd, &len, 4); + ret = krb5_net_write (context, &fd, len, 4); if (ret != 4) return ret; ret = krb5_net_write (context, &fd, data.data, data.length); diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1 index 284ad6d..46652d8 100644 --- a/crypto/heimdal/appl/rsh/rsh.1 +++ b/crypto/heimdal/appl/rsh/rsh.1 @@ -1,6 +1,6 @@ -.\" $Id: rsh.1,v 1.3 2002/08/20 17:07:08 joda Exp $ +.\" $Id: rsh.1,v 1.4 2002/09/04 13:01:52 joda Exp $ .\" -.Dd July 31, 2001 +.Dd September 4, 2002 .Dt RSH 1 .Os HEIMDAL .Sh NAME @@ -13,6 +13,7 @@ remote shell .Op Fl U Pa string .Op Fl p Ar port .Op Fl l Ar username +.Op Fl P Ar N|O .Ar host [command] .Sh DESCRIPTION .Nm @@ -145,6 +146,22 @@ By default the remote username is the same as the local. The option or the .Pa username@host format allow the remote name to be specified. +.It Xo +.Fl P Ar N|O|1|2 , +.Fl -protocol= Ns Ar N|O|1|2 +.Xc +Specifies which protocol version to use with Kerberos 5. +.Ar N +and +.Ar 2 +selects protocol version 2, while +.Ar O +and +.Ar 1 +selects version 1. Version 2 is beleived to be more secure, and is the +default. Unless asked for a specific version, +.Nm +will try both. This behaviour may change in the future. .El .\".Pp .\"Without a @@ -155,7 +172,7 @@ format allow the remote name to be specified. .\"with the same arguments. .Sh EXAMPLES Care should be taken when issuing commands containing shell meta -characters. Without quoting these will be expanded on the local +characters. Without quoting, these will be expanded on the local machine. .Pp The following command: diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c index 1f68e2f..6ae9646 100644 --- a/crypto/heimdal/appl/rsh/rsh.c +++ b/crypto/heimdal/appl/rsh/rsh.c @@ -32,7 +32,7 @@ */ #include "rsh_locl.h" -RCSID("$Id: rsh.c,v 1.65 2002/02/18 20:02:06 joda Exp $"); +RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $"); enum auth_method auth_method; #if defined(KRB4) || defined(KRB5) @@ -67,6 +67,8 @@ static const char *user; static int do_version; static int do_help; static int do_errsock = 1; +static char *protocol_version_str; +static int protocol_version = 2; /* * @@ -80,6 +82,11 @@ loop (int s, int errsock) fd_set real_readset; int count = 1; +#ifdef KRB5 + if(auth_method == AUTH_KRB5 && protocol_version == 2) + init_ivecs(1); +#endif + if (s >= FD_SETSIZE || errsock >= FD_SETSIZE) errx (1, "fd too large"); @@ -106,7 +113,7 @@ loop (int s, int errsock) err (1, "select"); } if (FD_ISSET(s, &readset)) { - ret = do_read (s, buf, sizeof(buf)); + ret = do_read (s, buf, sizeof(buf), ivec_in[0]); if (ret < 0) err (1, "read"); else if (ret == 0) { @@ -118,7 +125,7 @@ loop (int s, int errsock) net_write (STDOUT_FILENO, buf, ret); } if (errsock != -1 && FD_ISSET(errsock, &readset)) { - ret = do_read (errsock, buf, sizeof(buf)); + ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]); if (ret < 0) err (1, "read"); else if (ret == 0) { @@ -138,7 +145,7 @@ loop (int s, int errsock) FD_CLR(STDIN_FILENO, &real_readset); shutdown (s, SHUT_WR); } else - do_write (s, buf, ret); + do_write (s, buf, ret, ivec_out[0]); } } } @@ -166,7 +173,7 @@ send_krb4_auth(int s, getpid(), &msg, &cred, schedule, (struct sockaddr_in *)thisaddr, (struct sockaddr_in *)thataddr, - KCMD_VERSION); + KCMD_OLD_VERSION); if (status != KSUCCESS) { warnx("%s: %s", hostname, krb_get_err_text(status)); return 1; @@ -267,6 +274,8 @@ krb5_forward_cred (krb5_auth_context auth_context, return 0; } +static int sendauth_version_error; + static int send_krb5_auth(int s, struct sockaddr *thisaddr, @@ -282,6 +291,8 @@ send_krb5_auth(int s, int status; size_t len; krb5_auth_context auth_context = NULL; + const char *protocol_string = NULL; + krb5_flags ap_opts; status = krb5_sname_to_principal(context, hostname, @@ -300,25 +311,53 @@ send_krb5_auth(int s, cmd, remote_user); + ap_opts = 0; + + if(do_encrypt) + ap_opts |= AP_OPTS_MUTUAL_REQUIRED; + + switch(protocol_version) { + case 2: + ap_opts |= AP_OPTS_USE_SUBKEY; + protocol_string = KCMD_NEW_VERSION; + break; + case 1: + protocol_string = KCMD_OLD_VERSION; + key_usage = KRB5_KU_OTHER_ENCRYPTED; + break; + default: + abort(); + } + status = krb5_sendauth (context, &auth_context, &s, - KCMD_VERSION, + protocol_string, NULL, server, - do_encrypt ? AP_OPTS_MUTUAL_REQUIRED : 0, + ap_opts, &cksum_data, NULL, NULL, NULL, NULL, NULL); + + krb5_free_principal(context, server); + krb5_data_free(&cksum_data); + if (status) { - warnx("%s: %s", hostname, krb5_get_err_text(context, status)); + if(status == KRB5_SENDAUTH_REJECTED && + protocol_version == 2 && protocol_version_str == NULL) + sendauth_version_error = 1; + else + krb5_warn(context, status, "%s", hostname); return 1; } - status = krb5_auth_con_getkey (context, auth_context, &keyblock); + status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock); + if(keyblock == NULL) + status = krb5_auth_con_getkey (context, auth_context, &keyblock); if (status) { warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status)); return 1; @@ -552,7 +591,7 @@ proto (int s, int errsock, (void *)&one, sizeof(one)) < 0) warn("setsockopt stderr"); } - + return loop (s, errsock2); } @@ -777,6 +816,8 @@ struct getargs args[] = { "port" }, { "user", 'l', arg_string, &user, "Run as this user", "login" }, { "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"}, + { "protocol", 'P', arg_string, &protocol_version_str, + "Protocol version", "protocol" }, { "version", 0, arg_flag, &do_version, NULL }, { "help", 0, arg_flag, &do_help, NULL } }; @@ -840,7 +881,24 @@ main(int argc, char **argv) print_version (NULL); return 0; } - + + if(protocol_version_str != NULL) { + if(strcasecmp(protocol_version_str, "N") == 0) + protocol_version = 2; + else if(strcasecmp(protocol_version_str, "O") == 0) + protocol_version = 1; + else { + char *end; + int v; + v = strtol(protocol_version_str, &end, 0); + if(*end != '\0' || (v != 1 && v != 2)) { + errx(1, "unknown protocol version \"%s\"", + protocol_version_str); + } + protocol_version = v; + } + } + #ifdef KRB5 status = krb5_init_context (&context); if (status) { @@ -978,9 +1036,15 @@ main(int argc, char **argv) errx (1, "getaddrinfo: %s", gai_strerror(error)); auth_method = AUTH_KRB5; + again: ret = doit (host, ai, user, local_user, cmd, cmd_len, do_errsock, send_krb5_auth); + if(ret != 0 && sendauth_version_error && + protocol_version == 2) { + protocol_version = 1; + goto again; + } freeaddrinfo(ai); } #endif @@ -1035,5 +1099,6 @@ main(int argc, char **argv) cmd, cmd_len); freeaddrinfo(ai); } + free(cmd); return ret; } diff --git a/crypto/heimdal/appl/rsh/rsh_locl.h b/crypto/heimdal/appl/rsh/rsh_locl.h index a288d12..0d54a3e 100644 --- a/crypto/heimdal/appl/rsh/rsh_locl.h +++ b/crypto/heimdal/appl/rsh/rsh_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rsh_locl.h,v 1.27 2002/08/12 15:09:16 joda Exp $ */ +/* $Id: rsh_locl.h,v 1.28 2002/09/03 20:03:46 joda Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -99,6 +99,7 @@ #endif #ifdef KRB5 #include <krb5.h> +#include <krb5-private.h> /* for _krb5_{get,put}_int */ #endif #ifdef KRB4 #include <kafs.h> @@ -132,25 +133,30 @@ extern int do_encrypt; extern krb5_context context; extern krb5_keyblock *keyblock; extern krb5_crypto crypto; +extern int key_usage; +extern void *ivec_in[2]; +extern void *ivec_out[2]; +void init_ivecs(int); #endif #ifdef KRB4 extern des_key_schedule schedule; extern des_cblock iv; #endif -#define KCMD_VERSION "KCMDV0.1" +#define KCMD_OLD_VERSION "KCMDV0.1" +#define KCMD_NEW_VERSION "KCMDV0.2" #define USERNAME_SZ 16 #define COMMAND_SZ 1024 -#define RSH_BUFSIZ (16 * 1024) +#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */ #define PATH_RSH BINDIR "/rsh" #if defined(KRB4) || defined(KRB5) -ssize_t do_read (int fd, void *buf, size_t sz); -ssize_t do_write (int fd, void *buf, size_t sz); +ssize_t do_read (int, void*, size_t, void*); +ssize_t do_write (int, void*, size_t, void*); #else -#define do_write(F, B, L) write((F), (B), (L)) -#define do_read(F, B, L) read((F), (B), (L)) +#define do_write(F, B, L, I) write((F), (B), (L)) +#define do_read(F, B, L, I) read((F), (B), (L)) #endif diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c index fc2df7f..bec9bf4 100644 --- a/crypto/heimdal/appl/rsh/rshd.c +++ b/crypto/heimdal/appl/rsh/rshd.c @@ -32,7 +32,7 @@ */ #include "rsh_locl.h" -RCSID("$Id: rshd.c,v 1.46 2002/02/18 20:02:14 joda Exp $"); +RCSID("$Id: rshd.c,v 1.47 2002/09/03 20:03:26 joda Exp $"); int login_access( struct passwd *user, char *from); @@ -199,7 +199,7 @@ recv_krb4_auth (int s, u_char *buf, version); if (status != KSUCCESS) syslog_and_die ("recvauth: %s", krb_get_err_text(status)); - if (strncmp (version, KCMD_VERSION, KRB_SENDAUTH_VLEN) != 0) + if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0) syslog_and_die ("bad version: %s", version); read_str (s, server_username, USERNAME_SZ, "remote username"); @@ -277,6 +277,24 @@ krb5_start_session (void) return; } +static int protocol_version; + +static krb5_boolean +match_kcmd_version(const void *data, const char *version) +{ + if(strcmp(version, KCMD_NEW_VERSION) == 0) { + protocol_version = 2; + return TRUE; + } + if(strcmp(version, KCMD_OLD_VERSION) == 0) { + protocol_version = 1; + key_usage = KRB5_KU_OTHER_ENCRYPTED; + return TRUE; + } + return FALSE; +} + + static int recv_krb5_auth (int s, u_char *buf, struct sockaddr *thisaddr, @@ -311,14 +329,15 @@ recv_krb5_auth (int s, u_char *buf, syslog_and_die ("krb5_sock_to_principal: %s", krb5_get_err_text(context, status)); - status = krb5_recvauth(context, - &auth_context, - &s, - KCMD_VERSION, - server, - KRB5_RECVAUTH_IGNORE_VERSION, - NULL, - &ticket); + status = krb5_recvauth_match_version(context, + &auth_context, + &s, + match_kcmd_version, + NULL, + server, + KRB5_RECVAUTH_IGNORE_VERSION, + NULL, + &ticket); krb5_free_principal (context, server); if (status) syslog_and_die ("krb5_recvauth: %s", @@ -328,8 +347,17 @@ recv_krb5_auth (int s, u_char *buf, read_str (s, cmd, COMMAND_SZ, "command"); read_str (s, client_username, COMMAND_SZ, "local username"); - status = krb5_auth_con_getkey (context, auth_context, &keyblock); - if (status) + if(protocol_version == 2) { + status = krb5_auth_con_getremotesubkey(context, auth_context, + &keyblock); + if(status != 0 || keyblock == NULL) + syslog_and_die("failed to get remote subkey"); + } else if(protocol_version == 1) { + status = krb5_auth_con_getkey (context, auth_context, &keyblock); + if(status != 0 || keyblock == NULL) + syslog_and_die("failed to get key"); + } + if (status != 0 || keyblock == NULL) syslog_and_die ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status)); @@ -436,6 +464,11 @@ loop (int from0, int to0, if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE) errx (1, "fd too large"); +#ifdef KRB5 + if(auth_method == AUTH_KRB5 && protocol_version == 2) + init_ivecs(0); +#endif + FD_ZERO(&real_readset); FD_SET(from0, &real_readset); FD_SET(from1, &real_readset); @@ -454,7 +487,7 @@ loop (int from0, int to0, syslog_and_die ("select: %m"); } if (FD_ISSET(from0, &readset)) { - ret = do_read (from0, buf, sizeof(buf)); + ret = do_read (from0, buf, sizeof(buf), ivec_in[0]); if (ret < 0) syslog_and_die ("read: %m"); else if (ret == 0) { @@ -475,7 +508,7 @@ loop (int from0, int to0, if (--count == 0) exit (0); } else - do_write (to1, buf, ret); + do_write (to1, buf, ret, ivec_out[0]); } if (FD_ISSET(from2, &readset)) { ret = read (from2, buf, sizeof(buf)); @@ -488,7 +521,7 @@ loop (int from0, int to0, if (--count == 0) exit (0); } else - do_write (to2, buf, ret); + do_write (to2, buf, ret, ivec_out[1]); } } } diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index 175f375..0750f4f 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c @@ -32,7 +32,7 @@ #include <config.h> -RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $"); +RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $"); #include <stdio.h> #include <stdlib.h> @@ -50,11 +50,7 @@ RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $"); #include <pwd.h> -#ifdef HAVE_OPENSSL -#include <openssl/des.h> -#else -#include <des.h> -#endif +#include "crypto-headers.h" #ifdef KRB5 #include <krb5.h> #endif diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog index d8bc151..f696871 100644 --- a/crypto/heimdal/appl/telnet/ChangeLog +++ b/crypto/heimdal/appl/telnet/ChangeLog @@ -1,5 +1,13 @@ +2002-09-02 Johan Danielsson <joda@pdc.kth.se> + + * libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY + 2002-08-28 Johan Danielsson <joda@pdc.kth.se> + * telnet/commands.c: remove extra "Toggle"'s + + * telnet/commands.c: IRIX == 4 -> IRIX4 + * telnet/main.c: rename functions to what they're really called * telnet/commands.c: kill some might be uninitialized warnings diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c index 6b5c989..537d22f 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c +++ b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $"); +RCSID("$Id: enc_des.c,v 1.21 2002/09/10 20:03:47 joda Exp $"); #if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION) #include <arpa/telnet.h> @@ -50,11 +50,7 @@ RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $"); #include "encrypt.h" #include "misc-proto.h" -#ifdef HAVE_OPENSSL -#include <openssl/des.h> -#else -#include <des.h> -#endif +#include "crypto-headers.h" extern int encrypt_debug_mode; diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h index 41a138b..3b04bd5 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h +++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h @@ -55,7 +55,7 @@ * or implied warranty. */ -/* $Id: encrypt.h,v 1.7 2001/08/22 20:30:22 assar Exp $ */ +/* $Id: encrypt.h,v 1.8 2002/09/10 20:03:47 joda Exp $ */ #ifndef __ENCRYPT__ #define __ENCRYPT__ @@ -90,11 +90,9 @@ typedef struct { #define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ +#include "crypto-headers.h" #ifdef HAVE_OPENSSL -#include <openssl/des.h> #define des_new_random_key des_random_key -#else -#include <des.h> #endif #include "enc-proto.h" diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c index ef4d4ac..8a4bf69 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c +++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c @@ -53,7 +53,7 @@ #include <config.h> -RCSID("$Id: kerberos5.c,v 1.50 2002/08/28 20:55:53 joda Exp $"); +RCSID("$Id: kerberos5.c,v 1.51 2002/09/02 15:33:20 joda Exp $"); #ifdef KRB5 @@ -206,6 +206,8 @@ kerberos5_send(char *name, Authenticator *ap) ap_opts = AP_OPTS_MUTUAL_REQUIRED; else ap_opts = 0; + + ap_opts |= AP_OPTS_USE_SUBKEY; ret = krb5_auth_con_init (context, &auth_context); if (ret) { diff --git a/crypto/heimdal/cf/ChangeLog b/crypto/heimdal/cf/ChangeLog index 9629a38..5421d90 100644 --- a/crypto/heimdal/cf/ChangeLog +++ b/crypto/heimdal/cf/ChangeLog @@ -1,3 +1,31 @@ +2002-09-10 Johan Danielsson <joda@pdc.kth.se> + + * crypto.m4: use m4 macros for test cases, also test for older + hash names + + * test-package.m4: include dep libraries in LIB_* + + * crypto.m4: move krb4 test before test for openssl, and bail out + if krb4 is requested, but the crypto library is not the same as + krb4 + + * db.m4: filter contents of LDFLAGS + +2002-09-09 Johan Danielsson <joda@pdc.kth.se> + + * auth-modules.m4: rename to rk_AUTH_MODULES + + * auth-modules.m4: only include modules explicitly asked for + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * roken-frag.m4: test for res_nsearch + +2002-09-03 Assar Westerlund <assar@kth.se> + + * roken-frag.m4: check for sys/mman.h and mmap (used by + parse_reply-test) + 2002-08-28 Assar Westerlund <assar@kth.se> * krb-readline.m4: also add LIB_tgetent in the case of editline diff --git a/crypto/heimdal/cf/auth-modules.m4 b/crypto/heimdal/cf/auth-modules.m4 index 675d573..18036c2 100644 --- a/crypto/heimdal/cf/auth-modules.m4 +++ b/crypto/heimdal/cf/auth-modules.m4 @@ -1,16 +1,22 @@ -dnl $Id: auth-modules.m4,v 1.3 2002/08/28 15:04:57 nectar Exp $ +dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $ dnl dnl Figure what authentication modules should be built +dnl +dnl rk_AUTH_MODULES(module-list) -AC_DEFUN(AC_AUTH_MODULES,[ -AC_MSG_CHECKING(which authentication modules should be built) +AC_DEFUN(rk_AUTH_MODULES,[ +AC_MSG_CHECKING([which authentication modules should be built]) +z='m4_ifval([$1], $1, [sia pam afskauthlib])' LIB_AUTH_SUBDIRS= - +for i in $z; do +case $i in +sia) if test "$ac_cv_header_siad_h" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" fi - +;; +pam) case "${host}" in *-*-freebsd*) ac_cv_want_pam_krb4=no ;; *) ac_cv_want_pam_krb4=yes ;; @@ -21,12 +27,19 @@ if test "$ac_cv_want_pam_krb4" = yes -a \ "$enable_shared" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" fi - +;; +afskauthlib) case "${host}" in *-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; esac - -AC_MSG_RESULT($LIB_AUTH_SUBDIRS) +;; +esac +done +if test "$LIB_AUTH_SUBDIRS"; then + AC_MSG_RESULT($LIB_AUTH_SUBDIRS) +else + AC_MSG_RESULT(none) +fi AC_SUBST(LIB_AUTH_SUBDIRS)dnl ]) diff --git a/crypto/heimdal/cf/crypto.m4 b/crypto/heimdal/cf/crypto.m4 index 359aa30..4cd6ad0 100644 --- a/crypto/heimdal/cf/crypto.m4 +++ b/crypto/heimdal/cf/crypto.m4 @@ -1,10 +1,54 @@ -dnl $Id: crypto.m4,v 1.11 2002/08/28 23:09:05 assar Exp $ +dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $ dnl dnl test for crypto libraries: dnl - libcrypto (from openssl) dnl - libdes (from krb4) dnl - own-built libdes +m4_define([test_headers], [ + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + ]) +m4_define([test_body], [ + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0);]) + + AC_DEFUN([KRB_CRYPTO],[ crypto_lib=unknown AC_WITH_ALL([openssl]) @@ -14,49 +58,7 @@ DIR_des= AC_MSG_CHECKING([for crypto library]) openssl=no -if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then - - save_CPPFLAGS="$CPPFLAGS" - save_LIBS="$LIBS" - INCLUDE_des= - LIB_des= - if test "$with_openssl_include" != ""; then - INCLUDE_des="-I${with_openssl}/include" - fi - if test "$with_openssl_lib" != ""; then - LIB_des="-L${with_openssl}/lib" - fi - CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}" - LIB_des="${LIB_des} -lcrypto" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" - LIBS="${LIBS} ${LIB_des}" - AC_TRY_LINK([ - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - ], - [ - void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, schedule, 0, 0); - RC4(0, 0, 0, 0); - ], [ - crypto_lib=libcrypto openssl=yes - AC_MSG_RESULT([libcrypto])]) - CPPFLAGS="$save_CPPFLAGS" - LIBS="$save_LIBS" -fi +old_hash=no if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then save_CPPFLAGS="$CPPFLAGS" @@ -72,91 +74,22 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then ires= for i in $INCLUDE_krb4; do + CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" + AC_TRY_COMPILE(test_headers, test_body, + openssl=yes ires="$i"; break) CFLAGS="$i $save_CFLAGS" - AC_TRY_COMPILE([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],openssl=yes ires="$i"; break) - AC_TRY_COMPILE([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],ires="$i"; break) + AC_TRY_COMPILE(test_headers, test_body, + openssl=no ires="$i"; break) + CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS" + AC_TRY_COMPILE(test_headers, test_body, + openssl=no ires="$i" old_hash=yes; break) done lres= for i in $cdirs; do for j in $clibs; do LIBS="$i $j $save_LIBS" - if test "$openssl" = yes; then - AC_TRY_LINK([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],lres="$i $j"; break 2) - else - AC_TRY_LINK([ - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - ], [ - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0);],lres="$i $j"; break 2) - fi + AC_TRY_LINK(test_headers, test_body, + lres="$i $j"; break 2) done done CFLAGS="$save_CFLAGS" @@ -172,6 +105,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then fi fi +if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + INCLUDE_des= + LIB_des= + if test "$with_openssl_include" != ""; then + INCLUDE_des="-I${with_openssl}/include" + fi + if test "$with_openssl_lib" != ""; then + LIB_des="-L${with_openssl}/lib" + fi + CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}" + LIB_des="${LIB_des} -lcrypto" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + AC_TRY_LINK(test_headers, test_body, [ + crypto_lib=libcrypto openssl=yes + AC_MSG_RESULT([libcrypto]) + ]) + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + if test "$crypto_lib" = "unknown"; then DIR_des='des' @@ -184,9 +142,19 @@ if test "$crypto_lib" = "unknown"; then fi +if test "$with_krb4" != no -a "$crypto_lib" != krb4; then + AC_MSG_ERROR([the crypto library used by krb4 lacks features +required by Kerberos 5; to continue, you need to install a newer +Kerberos 4 or configure --without-krb4]) +fi + if test "$openssl" = "yes"; then AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) fi +if test "$old_hash" = yes; then + AC_DEFINE([HAVE_OLD_HASH_NAMES], 1, + [define if you have hash functions like md4_finito()]) +fi AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl AC_SUBST(DIR_des) diff --git a/crypto/heimdal/cf/db.m4 b/crypto/heimdal/cf/db.m4 index e2b52f2..7646bf6 100644 --- a/crypto/heimdal/cf/db.m4 +++ b/crypto/heimdal/cf/db.m4 @@ -1,4 +1,4 @@ -dnl $Id: db.m4,v 1.8 2002/05/17 15:32:21 joda Exp $ +dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $ dnl dnl tests for various db libraries dnl @@ -190,7 +190,15 @@ AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl -DBLIB="$LDFLAGS $DBLIB" +## it's probably not correct to include LDFLAGS here, but we might +## need it, for now just add any possible -L +z="" +for i in $LDFLAGS; do + case "$i" in + -L*) z="$z $i";; + esac +done +DBLIB="$z $DBLIB" AC_SUBST(DBLIB)dnl AC_SUBST(LIB_NDBM)dnl ]) diff --git a/crypto/heimdal/cf/roken-frag.m4 b/crypto/heimdal/cf/roken-frag.m4 index 51e39cc..21cf12c 100644 --- a/crypto/heimdal/cf/roken-frag.m4 +++ b/crypto/heimdal/cf/roken-frag.m4 @@ -1,4 +1,4 @@ -dnl $Id: roken-frag.m4,v 1.42 2002/08/26 13:26:52 assar Exp $ +dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $ dnl dnl some code to get roken working dnl @@ -69,6 +69,7 @@ AC_CHECK_HEADERS([\ shadow.h \ sys/bswap.h \ sys/ioctl.h \ + sys/mman.h \ sys/param.h \ sys/proc.h \ sys/resource.h \ @@ -126,6 +127,24 @@ AC_FIND_FUNC(res_search, resolv, ], [0,0,0,0,0]) +AC_FIND_FUNC(res_nsearch, resolv, +[ +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif +], +[0,0,0,0,0]) + AC_FIND_FUNC(dn_expand, resolv, [ #include <stdio.h> @@ -205,6 +224,8 @@ fi AC_REQUIRE([AC_FUNC_GETLOGIN]) +AC_REQUIRE([AC_FUNC_MMAP]) + AC_FIND_FUNC_NO_LIBS(getsockopt,, [#ifdef HAVE_SYS_TYPES_H #include <sys/types.h> diff --git a/crypto/heimdal/cf/test-package.m4 b/crypto/heimdal/cf/test-package.m4 index 00e7f34..9cdccc7 100644 --- a/crypto/heimdal/cf/test-package.m4 +++ b/crypto/heimdal/cf/test-package.m4 @@ -1,4 +1,4 @@ -dnl $Id: test-package.m4,v 1.11 2002/08/28 19:30:48 joda Exp $ +dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $ dnl dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs, dnl default locations, conditional, config-program) @@ -101,7 +101,7 @@ if test "$with_$1" != no; then done if test "$ires" -a "$lres" -a "$with_$1" != "no"; then INCLUDE_$1="-I$ires" - LIB_$1="-L$lres $3" + LIB_$1="-L$lres $3 $4" found=yes AC_MSG_RESULT([headers $ires, libraries $lres]) fi diff --git a/crypto/heimdal/configure b/crypto/heimdal/configure index a40c6ac..0225d4c 100755 --- a/crypto/heimdal/configure +++ b/crypto/heimdal/configure @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.in Revision: 1.320 . +# From configure.in Revision: 1.325 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.53 for Heimdal 0.4f. # @@ -420,6 +420,7 @@ PACKAGE_VERSION='0.4f' PACKAGE_STRING='Heimdal 0.4f' PACKAGE_BUGREPORT='heimdal-bugs@pdc.kth.se' +ac_unique_file="kuser/kinit.c" ac_default_prefix=/usr/heimdal # Factoring default headers for most tests. ac_includes_default="\ @@ -1001,14 +1002,16 @@ Optional Features: --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-dependency-tracking Speeds up one-time builds --enable-dependency-tracking Do not reject slow dependency extractors + --disable-largefile omit support for large files --enable-shared=PKGS build shared libraries default=no --enable-static=PKGS build static libraries default=yes --enable-fast-install=PKGS optimize for fast installation default=yes --disable-libtool-lock avoid locking (might break parallel builds) - --disable-berkeley-db if you don't want berkeley db --enable-dce if you want support for DCE/DFS PAG's + --disable-berkeley-db if you don't want berkeley db --disable-otp if you don't want OTP support --enable-osfc2 enable some OSF C2 support + --disable-mmap disable use of mmap --enable-bigendian the target is big endian --enable-littleendian the target is little endian --disable-dynamic-afs do not use loaded AFS library with AIX @@ -1020,7 +1023,6 @@ Optional Packages: --with-mips-abi=abi ABI to use for IRIX (32, n32, or 64) --with-gnu-ld assume the C compiler uses GNU ld default=no --with-pic try to use only PIC/non-PIC objects default=use both - --without-ipv6 do not enable IPv6 support --with-openldap=dir use openldap in dir --with-openldap-lib=dir use openldap libraries in dir --with-openldap-include=dir @@ -1031,6 +1033,11 @@ Optional Packages: --with-krb4-lib=dir use krb4 libraries in dir --with-krb4-include=dir use krb4 headers in dir --with-krb4-config=path config program for krb4 + --with-openssl=dir use openssl in dir + --with-openssl-lib=dir use openssl libraries in dir + --with-openssl-include=dir + use openssl headers in dir + --without-ipv6 do not enable IPv6 support --with-readline=dir use readline in dir --with-readline-lib=dir use readline libraries in dir --with-readline-include=dir @@ -1044,10 +1051,6 @@ Optional Packages: --with-hesiod-config=path config program for hesiod --with-x use the X Window System - --with-openssl=dir use openssl in dir - --with-openssl-lib=dir use openssl libraries in dir - --with-openssl-include=dir - use openssl headers in dir Some influential environment variables: CC C compiler command @@ -1417,6 +1420,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu + # Add the stamp file to the list of files AC keeps track of, # along with our hook. ac_config_headers="$ac_config_headers include/config.h" @@ -3066,6 +3070,320 @@ host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` CANONICAL_HOST=$host +# Check whether --enable-largefile or --disable-largefile was given. +if test "${enable_largefile+set}" = set; then + enableval="$enable_largefile" + +fi; +if test "$enable_largefile" != no; then + + echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5 +echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6 +if test "${ac_cv_sys_largefile_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <sys/types.h> + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext + CC="$CC -n32" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_sys_largefile_CC=' -n32'; break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5 +echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6 + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6 +if test "${ac_cv_sys_file_offset_bits+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + while :; do + ac_cv_sys_file_offset_bits=no + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <sys/types.h> + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#define _FILE_OFFSET_BITS 64 +#include <sys/types.h> + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_sys_file_offset_bits=64; break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + break +done +fi +echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5 +echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6 +if test "$ac_cv_sys_file_offset_bits" != no; then + +cat >>confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF + +fi +rm -f conftest* + echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5 +echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6 +if test "${ac_cv_sys_large_files+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + while :; do + ac_cv_sys_large_files=no + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <sys/types.h> + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#define _LARGE_FILES 1 +#include <sys/types.h> + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_sys_large_files=1; break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + break +done +fi +echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5 +echo "${ECHO_T}$ac_cv_sys_large_files" >&6 +if test "$ac_cv_sys_large_files" != no; then + +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF + +fi +rm -f conftest* +fi + + cat >>confdefs.h <<\_ACEOF #define _GNU_SOURCE 1 @@ -4918,7 +5236,7 @@ test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes case $host in *-*-irix6*) # Find out which ABI we are using. - echo '#line 4921 "configure"' > conftest.$ac_ext + echo '#line 5239 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5454,7 +5772,7 @@ chmod -w . save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -o out/conftest2.$ac_objext" compiler_c_o=no -if { (eval echo configure:5457: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then +if { (eval echo configure:5775: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings if test -s out/conftest.err; then @@ -7247,7 +7565,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 7250 "configure" +#line 7568 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -7345,7 +7663,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 7348 "configure" +#line 7666 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -8086,6 +8404,2376 @@ fi + +# Check whether --with-openldap or --without-openldap was given. +if test "${with_openldap+set}" = set; then + withval="$with_openldap" + +fi; + +# Check whether --with-openldap-lib or --without-openldap-lib was given. +if test "${with_openldap_lib+set}" = set; then + withval="$with_openldap_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { { echo "$as_me:$LINENO: error: No argument for --with-openldap-lib" >&5 +echo "$as_me: error: No argument for --with-openldap-lib" >&2;} + { (exit 1); exit 1; }; } +elif test "X$with_openldap" = "X"; then + with_openldap=yes +fi +fi; + +# Check whether --with-openldap-include or --without-openldap-include was given. +if test "${with_openldap_include+set}" = set; then + withval="$with_openldap_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { { echo "$as_me:$LINENO: error: No argument for --with-openldap-include" >&5 +echo "$as_me: error: No argument for --with-openldap-include" >&2;} + { (exit 1); exit 1; }; } +elif test "X$with_openldap" = "X"; then + with_openldap=yes +fi +fi; + +# Check whether --with-openldap-config or --without-openldap-config was given. +if test "${with_openldap_config+set}" = set; then + withval="$with_openldap_config" + +fi; + + + +echo "$as_me:$LINENO: checking for openldap" >&5 +echo $ECHO_N "checking for openldap... $ECHO_C" >&6 + +case "$with_openldap" in +yes|"") d='' ;; +no) d= ;; +*) d="$with_openldap" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_openldap_include" = ""; then + if test -d "$i/include/openldap"; then + header_dirs="$header_dirs $i/include/openldap" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_openldap_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_openldap_include"; then + header_dirs="$with_openldap_include $header_dirs" +fi +if test "$with_openldap_lib"; then + lib_dirs="$with_openldap_lib $lib_dirs" +fi + +if test "$with_openldap_config" = ""; then + with_openldap_config='' +fi + +openldap_cflags= +openldap_libs= + +case "$with_openldap_config" in +yes|no|"") + ;; +*) + openldap_cflags="`$with_openldap_config --cflags 2>&1`" + openldap_libs="`$with_openldap_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_openldap" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$openldap_cflags" -a "$openldap_libs"; then + CFLAGS="$openldap_cflags $save_CFLAGS" + LIBS="$openldap_libs $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <lber.h> +#include <ldap.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + INCLUDE_openldap="$openldap_cflags" + LIB_openldap="$openldap_libs" + echo "$as_me:$LINENO: result: from $with_openldap_config" >&5 +echo "${ECHO_T}from $with_openldap_config" >&6 + found=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <lber.h> +#include <ldap.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ires=$i;break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + done + for i in $lib_dirs; do + LIBS="-L$i -lldap -llber $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <lber.h> +#include <ldap.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + lres=$i;break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then + INCLUDE_openldap="-I$ires" + LIB_openldap="-L$lres -lldap -llber " + found=yes + echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 +echo "${ECHO_T}headers $ires, libraries $lres" >&6 + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + +cat >>confdefs.h <<_ACEOF +#define OPENLDAP 1 +_ACEOF + + with_openldap=yes +else + with_openldap=no + INCLUDE_openldap= + LIB_openldap= + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + + + + + + +# Check whether --with-krb4 or --without-krb4 was given. +if test "${with_krb4+set}" = set; then + withval="$with_krb4" + +fi; + +# Check whether --with-krb4-lib or --without-krb4-lib was given. +if test "${with_krb4_lib+set}" = set; then + withval="$with_krb4_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { { echo "$as_me:$LINENO: error: No argument for --with-krb4-lib" >&5 +echo "$as_me: error: No argument for --with-krb4-lib" >&2;} + { (exit 1); exit 1; }; } +elif test "X$with_krb4" = "X"; then + with_krb4=yes +fi +fi; + +# Check whether --with-krb4-include or --without-krb4-include was given. +if test "${with_krb4_include+set}" = set; then + withval="$with_krb4_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { { echo "$as_me:$LINENO: error: No argument for --with-krb4-include" >&5 +echo "$as_me: error: No argument for --with-krb4-include" >&2;} + { (exit 1); exit 1; }; } +elif test "X$with_krb4" = "X"; then + with_krb4=yes +fi +fi; + +# Check whether --with-krb4-config or --without-krb4-config was given. +if test "${with_krb4_config+set}" = set; then + withval="$with_krb4_config" + +fi; + + + +echo "$as_me:$LINENO: checking for krb4" >&5 +echo $ECHO_N "checking for krb4... $ECHO_C" >&6 + +case "$with_krb4" in +yes|"") d='/usr/athena' ;; +no) d= ;; +*) d="$with_krb4" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_krb4_include" = ""; then + if test -d "$i/include/krb4"; then + header_dirs="$header_dirs $i/include/krb4" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_krb4_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_krb4_include"; then + header_dirs="$with_krb4_include $header_dirs" +fi +if test "$with_krb4_lib"; then + lib_dirs="$with_krb4_lib $lib_dirs" +fi + +if test "$with_krb4_config" = ""; then + with_krb4_config='krb4-config' +fi + +krb4_cflags= +krb4_libs= + +case "$with_krb4_config" in +yes|no|"") + ;; +*) + krb4_cflags="`$with_krb4_config --cflags 2>&1`" + krb4_libs="`$with_krb4_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_krb4" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$krb4_cflags" -a "$krb4_libs"; then + CFLAGS="$krb4_cflags $save_CFLAGS" + LIBS="$krb4_libs $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + INCLUDE_krb4="$krb4_cflags" + LIB_krb4="$krb4_libs" + echo "$as_me:$LINENO: result: from $with_krb4_config" >&5 +echo "${ECHO_T}from $with_krb4_config" >&6 + found=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ires=$i;break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + done + for i in $lib_dirs; do + LIBS="-L$i -lkrb -ldes $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + lres=$i;break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + if test "$ires" -a "$lres" -a "$with_krb4" != "no"; then + INCLUDE_krb4="-I$ires" + LIB_krb4="-L$lres -lkrb -ldes" + found=yes + echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 +echo "${ECHO_T}headers $ires, libraries $lres" >&6 + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + +cat >>confdefs.h <<_ACEOF +#define KRB4 1 +_ACEOF + + with_krb4=yes +else + with_krb4=no + INCLUDE_krb4= + LIB_krb4= + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + + + + +LIB_kdb= +if test "$with_krb4" != "no"; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $INCLUDE_krb4" + save_LIBS="$LIBS" + LIBS="$LIB_krb4 $LIBS" + EXTRA_LIB45=lib45.a + + echo "$as_me:$LINENO: checking for four valued krb_put_int" >&5 +echo $ECHO_N "checking for four valued krb_put_int... $ECHO_C" >&6 +if test "${ac_cv_func_krb_put_int_four+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + char tmp[4]; + krb_put_int(17, tmp, 4, sizeof(tmp)); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_krb_put_int_four=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_krb_put_int_four=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_krb_put_int_four" >&5 +echo "${ECHO_T}$ac_cv_func_krb_put_int_four" >&6 + if test "$ac_cv_func_krb_put_int_four" = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_FOUR_VALUED_KRB_PUT_INT 1 +_ACEOF + + fi + + + echo "$as_me:$LINENO: checking for KRB_VERIFY_SECURE" >&5 +echo $ECHO_N "checking for KRB_VERIFY_SECURE... $ECHO_C" >&6 +if test "${ac_cv_func_krb_verify_secure+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + int x = KRB_VERIFY_SECURE + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_krb_verify_secure=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_krb_verify_secure=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_krb_verify_secure" >&5 +echo "${ECHO_T}$ac_cv_func_krb_verify_secure" >&6 + if test "$ac_cv_func_krb_verify_secure" != yes; then + +cat >>confdefs.h <<\_ACEOF +#define KRB_VERIFY_SECURE 1 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define KRB_VERIFY_SECURE_FAIL 2 +_ACEOF + + fi + echo "$as_me:$LINENO: checking for KRB_VERIFY_NOT_SECURE" >&5 +echo $ECHO_N "checking for KRB_VERIFY_NOT_SECURE... $ECHO_C" >&6 +if test "${ac_cv_func_krb_verify_not_secure+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + int x = KRB_VERIFY_NOT_SECURE + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_krb_verify_not_secure=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_krb_verify_not_secure=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_krb_verify_not_secure" >&5 +echo "${ECHO_T}$ac_cv_func_krb_verify_not_secure" >&6 + if test "$ac_cv_func_krb_verify_not_secure" != yes; then + +cat >>confdefs.h <<\_ACEOF +#define KRB_VERIFY_NOT_SECURE 0 +_ACEOF + + fi + + + + +echo "$as_me:$LINENO: checking for krb_enable_debug" >&5 +echo $ECHO_N "checking for krb_enable_debug... $ECHO_C" >&6 +if test "${ac_cv_funclib_krb_enable_debug+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if eval "test \"\$ac_cv_func_krb_enable_debug\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +krb_enable_debug() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_enable_debug=$ac_lib; else ac_cv_funclib_krb_enable_debug=yes; fi";break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_krb_enable_debug=\${ac_cv_funclib_krb_enable_debug-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_krb_enable_debug" + +if false; then + +for ac_func in krb_enable_debug +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi +# krb_enable_debug +eval "ac_tr_func=HAVE_`echo krb_enable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_krb_enable_debug=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_krb_enable_debug=yes" + eval "LIB_krb_enable_debug=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ;; + no) + eval "ac_cv_func_krb_enable_debug=no" + eval "LIB_krb_enable_debug=" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + *) + eval "ac_cv_func_krb_enable_debug=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 +echo "${ECHO_T}yes, in $ac_res" >&6 + ;; +esac + + +if test -n "$LIB_krb_enable_debug"; then + LIBS="$LIB_krb_enable_debug $LIBS" +fi + + + + + +echo "$as_me:$LINENO: checking for krb_disable_debug" >&5 +echo $ECHO_N "checking for krb_disable_debug... $ECHO_C" >&6 +if test "${ac_cv_funclib_krb_disable_debug+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if eval "test \"\$ac_cv_func_krb_disable_debug\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +krb_disable_debug() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_disable_debug=$ac_lib; else ac_cv_funclib_krb_disable_debug=yes; fi";break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_krb_disable_debug=\${ac_cv_funclib_krb_disable_debug-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_krb_disable_debug" + +if false; then + +for ac_func in krb_disable_debug +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi +# krb_disable_debug +eval "ac_tr_func=HAVE_`echo krb_disable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_krb_disable_debug=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_krb_disable_debug=yes" + eval "LIB_krb_disable_debug=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ;; + no) + eval "ac_cv_func_krb_disable_debug=no" + eval "LIB_krb_disable_debug=" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + *) + eval "ac_cv_func_krb_disable_debug=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 +echo "${ECHO_T}yes, in $ac_res" >&6 + ;; +esac + + +if test -n "$LIB_krb_disable_debug"; then + LIBS="$LIB_krb_disable_debug $LIBS" +fi + + + + + +echo "$as_me:$LINENO: checking for krb_get_our_ip_for_realm" >&5 +echo $ECHO_N "checking for krb_get_our_ip_for_realm... $ECHO_C" >&6 +if test "${ac_cv_funclib_krb_get_our_ip_for_realm+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if eval "test \"\$ac_cv_func_krb_get_our_ip_for_realm\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +krb_get_our_ip_for_realm() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_our_ip_for_realm=$ac_lib; else ac_cv_funclib_krb_get_our_ip_for_realm=yes; fi";break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_krb_get_our_ip_for_realm=\${ac_cv_funclib_krb_get_our_ip_for_realm-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_krb_get_our_ip_for_realm" + +if false; then + +for ac_func in krb_get_our_ip_for_realm +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi +# krb_get_our_ip_for_realm +eval "ac_tr_func=HAVE_`echo krb_get_our_ip_for_realm | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_krb_get_our_ip_for_realm=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_krb_get_our_ip_for_realm=yes" + eval "LIB_krb_get_our_ip_for_realm=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ;; + no) + eval "ac_cv_func_krb_get_our_ip_for_realm=no" + eval "LIB_krb_get_our_ip_for_realm=" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + *) + eval "ac_cv_func_krb_get_our_ip_for_realm=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 +echo "${ECHO_T}yes, in $ac_res" >&6 + ;; +esac + + +if test -n "$LIB_krb_get_our_ip_for_realm"; then + LIBS="$LIB_krb_get_our_ip_for_realm $LIBS" +fi + + + + + +echo "$as_me:$LINENO: checking for krb_kdctimeofday" >&5 +echo $ECHO_N "checking for krb_kdctimeofday... $ECHO_C" >&6 +if test "${ac_cv_funclib_krb_kdctimeofday+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if eval "test \"\$ac_cv_func_krb_kdctimeofday\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +krb_kdctimeofday() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_kdctimeofday=$ac_lib; else ac_cv_funclib_krb_kdctimeofday=yes; fi";break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_krb_kdctimeofday=\${ac_cv_funclib_krb_kdctimeofday-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_krb_kdctimeofday" + +if false; then + +for ac_func in krb_kdctimeofday +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi +# krb_kdctimeofday +eval "ac_tr_func=HAVE_`echo krb_kdctimeofday | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_krb_kdctimeofday=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_krb_kdctimeofday=yes" + eval "LIB_krb_kdctimeofday=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ;; + no) + eval "ac_cv_func_krb_kdctimeofday=no" + eval "LIB_krb_kdctimeofday=" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + *) + eval "ac_cv_func_krb_kdctimeofday=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 +echo "${ECHO_T}yes, in $ac_res" >&6 + ;; +esac + + +if test -n "$LIB_krb_kdctimeofday"; then + LIBS="$LIB_krb_kdctimeofday $LIBS" +fi + + + + + + + +echo "$as_me:$LINENO: checking for krb_get_kdc_time_diff" >&5 +echo $ECHO_N "checking for krb_get_kdc_time_diff... $ECHO_C" >&6 +if test "${ac_cv_funclib_krb_get_kdc_time_diff+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if eval "test \"\$ac_cv_func_krb_get_kdc_time_diff\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +krb_get_kdc_time_diff() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_kdc_time_diff=$ac_lib; else ac_cv_funclib_krb_get_kdc_time_diff=yes; fi";break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_krb_get_kdc_time_diff=\${ac_cv_funclib_krb_get_kdc_time_diff-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_krb_get_kdc_time_diff" + +if false; then + +for ac_func in krb_get_kdc_time_diff +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi +# krb_get_kdc_time_diff +eval "ac_tr_func=HAVE_`echo krb_get_kdc_time_diff | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_krb_get_kdc_time_diff=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_krb_get_kdc_time_diff=yes" + eval "LIB_krb_get_kdc_time_diff=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ;; + no) + eval "ac_cv_func_krb_get_kdc_time_diff=no" + eval "LIB_krb_get_kdc_time_diff=" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + *) + eval "ac_cv_func_krb_get_kdc_time_diff=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 +echo "${ECHO_T}yes, in $ac_res" >&6 + ;; +esac + + +if test -n "$LIB_krb_get_kdc_time_diff"; then + LIBS="$LIB_krb_get_kdc_time_diff $LIBS" +fi + + + + echo "$as_me:$LINENO: checking for KRB_SENDAUTH_VERS" >&5 +echo $ECHO_N "checking for KRB_SENDAUTH_VERS... $ECHO_C" >&6 +if test "${ac_cv_func_krb_sendauth_vers+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> + #include <prot.h> +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + char *x = KRB_SENDAUTH_VERS + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_krb_sendauth_vers=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_krb_sendauth_vers=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_krb_sendauth_vers" >&5 +echo "${ECHO_T}$ac_cv_func_krb_sendauth_vers" >&6 + if test "$ac_cv_func_krb_sendauth_vers" != yes; then + +cat >>confdefs.h <<\_ACEOF +#define KRB_SENDAUTH_VERS "AUTHV0.1" +_ACEOF + + fi + echo "$as_me:$LINENO: checking for krb_mk_req with const arguments" >&5 +echo $ECHO_N "checking for krb_mk_req with const arguments... $ECHO_C" >&6 +if test "${ac_cv_func_krb_mk_req_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <krb.h> + int krb_mk_req(KTEXT a, const char *s, const char *i, + const char *r, int32_t checksum) + { return 17; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_krb_mk_req_const=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_krb_mk_req_const=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_krb_mk_req_const" >&5 +echo "${ECHO_T}$ac_cv_func_krb_mk_req_const" >&6 + if test "$ac_cv_func_krb_mk_req_const" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define KRB_MK_REQ_CONST 1 +_ACEOF + + fi + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + LIB_kdb="-lkdb -lkrb" +fi + + +if test "$with_krb4" != "no"; then + KRB4_TRUE= + KRB4_FALSE='#' +else + KRB4_TRUE='#' + KRB4_FALSE= +fi + + + +if true; then + KRB5_TRUE= + KRB5_FALSE='#' +else + KRB5_TRUE='#' + KRB5_FALSE= +fi + + + +if true; then + do_roken_rename_TRUE= + do_roken_rename_FALSE='#' +else + do_roken_rename_TRUE='#' + do_roken_rename_FALSE= +fi + + + +cat >>confdefs.h <<\_ACEOF +#define KRB5 1 +_ACEOF + + +crypto_lib=unknown + + +# Check whether --with-openssl or --without-openssl was given. +if test "${with_openssl+set}" = set; then + withval="$with_openssl" + +fi; + + +# Check whether --with-openssl-lib or --without-openssl-lib was given. +if test "${with_openssl_lib+set}" = set; then + withval="$with_openssl_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { { echo "$as_me:$LINENO: error: No argument for --with-openssl-lib" >&5 +echo "$as_me: error: No argument for --with-openssl-lib" >&2;} + { (exit 1); exit 1; }; } +elif test "X$with_openssl" = "X"; then + with_openssl=yes +fi +fi; + + +# Check whether --with-openssl-include or --without-openssl-include was given. +if test "${with_openssl_include+set}" = set; then + withval="$with_openssl_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { { echo "$as_me:$LINENO: error: No argument for --with-openssl-include" >&5 +echo "$as_me: error: No argument for --with-openssl-include" >&2;} + { (exit 1); exit 1; }; } +elif test "X$with_openssl" = "X"; then + with_openssl=yes +fi +fi; + +case "$with_openssl" in +yes) ;; +no) ;; +"") ;; +*) if test "$with_openssl_include" = ""; then + with_openssl_include="$with_openssl/include" + fi + if test "$with_openssl_lib" = ""; then + with_openssl_lib="$with_openssl/lib$abilibdirext" + fi + ;; +esac + + +DIR_des= + +echo "$as_me:$LINENO: checking for crypto library" >&5 +echo $ECHO_N "checking for crypto library... $ECHO_C" >&6 + +openssl=no +old_hash=no + +if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then + save_CPPFLAGS="$CPPFLAGS" + save_LIBS="$LIBS" + + cdirs= clibs= + for i in $LIB_krb4; do + case "$i" in + -L*) cdirs="$cdirs $i";; + -l*) clibs="$clibs $i";; + esac + done + + ires= + for i in $INCLUDE_krb4; do + CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + openssl=yes ires="$i"; break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + CFLAGS="$i $save_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + openssl=no ires="$i"; break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + openssl=no ires="$i" old_hash=yes; break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext + done + lres= + for i in $cdirs; do + for j in $clibs; do + LIBS="$i $j $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + lres="$i $j"; break 2 +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + done + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" + if test "$ires" -a "$lres"; then + INCLUDE_des="$ires" + LIB_des="$lres" + crypto_lib=krb4 + echo "$as_me:$LINENO: result: same as krb4" >&5 +echo "${ECHO_T}same as krb4" >&6 + LIB_des_a='$(LIB_des)' + LIB_des_so='$(LIB_des)' + LIB_des_appl='$(LIB_des)' + fi +fi + +if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + INCLUDE_des= + LIB_des= + if test "$with_openssl_include" != ""; then + INCLUDE_des="-I${with_openssl}/include" + fi + if test "$with_openssl_lib" != ""; then + LIB_des="-L${with_openssl}/lib" + fi + CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}" + LIB_des="${LIB_des} -lcrypto" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + + #undef KRB5 /* makes md4.h et al unhappy */ + #ifdef HAVE_OPENSSL + #include <openssl/md4.h> + #include <openssl/md5.h> + #include <openssl/sha.h> + #include <openssl/des.h> + #include <openssl/rc4.h> + #else + #include <md4.h> + #include <md5.h> + #include <sha.h> + #include <des.h> + #include <rc4.h> + #endif + #ifdef OLD_HASH_NAMES + typedef struct md4 MD4_CTX; + #define MD4_Init(C) md4_init((C)) + #define MD4_Update(C, D, L) md4_update((C), (D), (L)) + #define MD4_Final(D, C) md4_finito((C), (D)) + typedef struct md5 MD5_CTX; + #define MD5_Init(C) md5_init((C)) + #define MD5_Update(C, D, L) md5_update((C), (D), (L)) + #define MD5_Final(D, C) md5_finito((C), (D)) + typedef struct sha SHA_CTX; + #define SHA1_Init(C) sha_init((C)) + #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) + #define SHA1_Final(D, C) sha_finito((C), (D)) + #endif + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ + + void *schedule = 0; + MD4_CTX md4; + MD5_CTX md5; + SHA_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(0, 0, 0, schedule, 0, 0); + RC4(0, 0, 0, 0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + crypto_lib=libcrypto openssl=yes + echo "$as_me:$LINENO: result: libcrypto" >&5 +echo "${ECHO_T}libcrypto" >&6 + +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$crypto_lib" = "unknown"; then + + DIR_des='des' + LIB_des='$(top_builddir)/lib/des/libdes.la' + LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a' + LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so' + LIB_des_appl="-ldes" + + echo "$as_me:$LINENO: result: included libdes" >&5 +echo "${ECHO_T}included libdes" >&6 + +fi + +if test "$with_krb4" != no -a "$crypto_lib" != krb4; then + { { echo "$as_me:$LINENO: error: the crypto library used by krb4 lacks features +required by Kerberos 5; to continue, you need to install a newer +Kerberos 4 or configure --without-krb4" >&5 +echo "$as_me: error: the crypto library used by krb4 lacks features +required by Kerberos 5; to continue, you need to install a newer +Kerberos 4 or configure --without-krb4" >&2;} + { (exit 1); exit 1; }; } +fi + +if test "$openssl" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_OPENSSL 1 +_ACEOF + +fi +if test "$old_hash" = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_OLD_HASH_NAMES 1 +_ACEOF + +fi + + +if test "$openssl" = yes; then + HAVE_OPENSSL_TRUE= + HAVE_OPENSSL_FALSE='#' +else + HAVE_OPENSSL_TRUE='#' + HAVE_OPENSSL_FALSE= +fi + + + + + + + + + +# Check whether --enable-dce or --disable-dce was given. +if test "${enable_dce+set}" = set; then + enableval="$enable_dce" + +fi; +if test "$enable_dce" = yes; then + +cat >>confdefs.h <<\_ACEOF +#define DCE 1 +_ACEOF + +fi + + +if test "$enable_dce" = yes; then + DCE_TRUE= + DCE_FALSE='#' +else + DCE_TRUE='#' + DCE_FALSE= +fi + + +## XXX quite horrible: +if test -f /etc/ibmcxx.cfg; then + dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'` + dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'` + dpagaix_ldflags= +else + dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce" + dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r" + dpagaix_ldflags="-Wl,-bI:dfspag.exp" +fi + + + + + # Check whether --enable-berkeley-db or --disable-berkeley-db was given. if test "${enable_berkeley_db+set}" = set; then enableval="$enable_berkeley_db" @@ -9608,7 +12296,13 @@ else HAVE_NDBM_FALSE= fi -DBLIB="$LDFLAGS $DBLIB" +z="" +for i in $LDFLAGS; do + case "$i" in + -L*) z="$z $i";; + esac +done +DBLIB="$z $DBLIB" @@ -10438,6 +13132,368 @@ fi fi + +for ac_header in stdlib.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_header_compiler=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc in + yes:no ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};; + no:yes ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_func in getpagesize +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +echo "$as_me:$LINENO: checking for working mmap" >&5 +echo $ECHO_N "checking for working mmap... $ECHO_C" >&6 +if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_mmap_fixed_mapped=no +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +$ac_includes_default +/* malloc might have been renamed as rpl_malloc. */ +#undef malloc + +/* Thanks to Mike Haertel and Jim Avera for this test. + Here is a matrix of mmap possibilities: + mmap private not fixed + mmap private fixed at somewhere currently unmapped + mmap private fixed at somewhere already mapped + mmap shared not fixed + mmap shared fixed at somewhere currently unmapped + mmap shared fixed at somewhere already mapped + For private mappings, we should verify that changes cannot be read() + back from the file, nor mmap's back from the file at a different + address. (There have been systems where private was not correctly + implemented like the infamous i386 svr4.0, and systems where the + VM page cache was not coherent with the file system buffer cache + like early versions of FreeBSD and possibly contemporary NetBSD.) + For shared mappings, we should conversely verify that changes get + propagated back to all the places they're supposed to be. + + Grep wants private fixed already mapped. + The main things grep needs to know about mmap are: + * does it exist and is it safe to write into the mmap'd area + * how to use it (BSD variants) */ + +#include <fcntl.h> +#include <sys/mman.h> + +#if !STDC_HEADERS && !HAVE_STDLIB_H +char *malloc (); +#endif + +/* This mess was copied from the GNU getpagesize.h. */ +#if !HAVE_GETPAGESIZE +/* Assume that all systems that can run configure have sys/param.h. */ +# if !HAVE_SYS_PARAM_H +# define HAVE_SYS_PARAM_H 1 +# endif + +# ifdef _SC_PAGESIZE +# define getpagesize() sysconf(_SC_PAGESIZE) +# else /* no _SC_PAGESIZE */ +# if HAVE_SYS_PARAM_H +# include <sys/param.h> +# ifdef EXEC_PAGESIZE +# define getpagesize() EXEC_PAGESIZE +# else /* no EXEC_PAGESIZE */ +# ifdef NBPG +# define getpagesize() NBPG * CLSIZE +# ifndef CLSIZE +# define CLSIZE 1 +# endif /* no CLSIZE */ +# else /* no NBPG */ +# ifdef NBPC +# define getpagesize() NBPC +# else /* no NBPC */ +# ifdef PAGESIZE +# define getpagesize() PAGESIZE +# endif /* PAGESIZE */ +# endif /* no NBPC */ +# endif /* no NBPG */ +# endif /* no EXEC_PAGESIZE */ +# else /* no HAVE_SYS_PARAM_H */ +# define getpagesize() 8192 /* punt totally */ +# endif /* no HAVE_SYS_PARAM_H */ +# endif /* no _SC_PAGESIZE */ + +#endif /* no HAVE_GETPAGESIZE */ + +int +main () +{ + char *data, *data2, *data3; + int i, pagesize; + int fd; + + pagesize = getpagesize (); + + /* First, make a file with some known garbage in it. */ + data = (char *) malloc (pagesize); + if (!data) + exit (1); + for (i = 0; i < pagesize; ++i) + *(data + i) = rand (); + umask (0); + fd = creat ("conftest.mmap", 0600); + if (fd < 0) + exit (1); + if (write (fd, data, pagesize) != pagesize) + exit (1); + close (fd); + + /* Next, try to mmap the file at a fixed address which already has + something else allocated at it. If we can, also make sure that + we see the same garbage. */ + fd = open ("conftest.mmap", O_RDWR); + if (fd < 0) + exit (1); + data2 = (char *) malloc (2 * pagesize); + if (!data2) + exit (1); + data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1); + if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_FIXED, fd, 0L)) + exit (1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data2 + i)) + exit (1); + + /* Finally, make sure that changes to the mapped area do not + percolate back to the file as seen by read(). (This is a bug on + some variants of i386 svr4.0.) */ + for (i = 0; i < pagesize; ++i) + *(data2 + i) = *(data2 + i) + 1; + data3 = (char *) malloc (pagesize); + if (!data3) + exit (1); + if (read (fd, data3, pagesize) != pagesize) + exit (1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data3 + i)) + exit (1); + close (fd); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_mmap_fixed_mapped=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +( exit $ac_status ) +ac_cv_func_mmap_fixed_mapped=no +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5 +echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6 +if test $ac_cv_func_mmap_fixed_mapped = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_MMAP 1 +_ACEOF + +fi +rm -f conftest.mmap + + echo "$as_me:$LINENO: checking if realloc if broken" >&5 echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6 if test "${ac_cv_func_realloc_broken+set}" = set; then @@ -10831,6 +13887,7 @@ fi + for ac_header in \ arpa/inet.h \ arpa/nameser.h \ @@ -10856,6 +13913,7 @@ for ac_header in \ shadow.h \ sys/bswap.h \ sys/ioctl.h \ + sys/mman.h \ sys/param.h \ sys/proc.h \ sys/resource.h \ @@ -12287,6 +15345,209 @@ fi +echo "$as_me:$LINENO: checking for res_nsearch" >&5 +echo $ECHO_N "checking for res_nsearch... $ECHO_C" >&6 +if test "${ac_cv_funclib_res_nsearch+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" + +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +res_nsearch(0,0,0,0,0) + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_nsearch=$ac_lib; else ac_cv_funclib_res_nsearch=yes; fi";break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_res_nsearch=\${ac_cv_funclib_res_nsearch-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_res_nsearch" + +if false; then + +for ac_func in res_nsearch +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi +# res_nsearch +eval "ac_tr_func=HAVE_`echo res_nsearch | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_res_nsearch=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_res_nsearch=yes" + eval "LIB_res_nsearch=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ;; + no) + eval "ac_cv_func_res_nsearch=no" + eval "LIB_res_nsearch=" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + *) + eval "ac_cv_func_res_nsearch=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 +echo "${ECHO_T}yes, in $ac_res" >&6 + ;; +esac + + +if test -n "$LIB_res_nsearch"; then + LIBS="$LIB_res_nsearch $LIBS" +fi + + + + + + echo "$as_me:$LINENO: checking for dn_expand" >&5 echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6 if test "${ac_cv_funclib_dn_expand+set}" = set; then @@ -13149,6 +16410,8 @@ fi + + echo "$as_me:$LINENO: checking for getsockopt" >&5 echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6 if test "${ac_cv_funclib_getsockopt+set}" = set; then @@ -24478,1828 +27741,6 @@ LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)" LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken" - -# Check whether --with-openldap or --without-openldap was given. -if test "${with_openldap+set}" = set; then - withval="$with_openldap" - -fi; - -# Check whether --with-openldap-lib or --without-openldap-lib was given. -if test "${with_openldap_lib+set}" = set; then - withval="$with_openldap_lib" - if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openldap-lib" >&5 -echo "$as_me: error: No argument for --with-openldap-lib" >&2;} - { (exit 1); exit 1; }; } -elif test "X$with_openldap" = "X"; then - with_openldap=yes -fi -fi; - -# Check whether --with-openldap-include or --without-openldap-include was given. -if test "${with_openldap_include+set}" = set; then - withval="$with_openldap_include" - if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openldap-include" >&5 -echo "$as_me: error: No argument for --with-openldap-include" >&2;} - { (exit 1); exit 1; }; } -elif test "X$with_openldap" = "X"; then - with_openldap=yes -fi -fi; - -# Check whether --with-openldap-config or --without-openldap-config was given. -if test "${with_openldap_config+set}" = set; then - withval="$with_openldap_config" - -fi; - - - -echo "$as_me:$LINENO: checking for openldap" >&5 -echo $ECHO_N "checking for openldap... $ECHO_C" >&6 - -case "$with_openldap" in -yes|"") d='' ;; -no) d= ;; -*) d="$with_openldap" ;; -esac - -header_dirs= -lib_dirs= -for i in $d; do - if test "$with_openldap_include" = ""; then - if test -d "$i/include/openldap"; then - header_dirs="$header_dirs $i/include/openldap" - fi - if test -d "$i/include"; then - header_dirs="$header_dirs $i/include" - fi - fi - if test "$with_openldap_lib" = ""; then - if test -d "$i/lib$abilibdirext"; then - lib_dirs="$lib_dirs $i/lib$abilibdirext" - fi - fi -done - -if test "$with_openldap_include"; then - header_dirs="$with_openldap_include $header_dirs" -fi -if test "$with_openldap_lib"; then - lib_dirs="$with_openldap_lib $lib_dirs" -fi - -if test "$with_openldap_config" = ""; then - with_openldap_config='' -fi - -openldap_cflags= -openldap_libs= - -case "$with_openldap_config" in -yes|no|"") - ;; -*) - openldap_cflags="`$with_openldap_config --cflags 2>&1`" - openldap_libs="`$with_openldap_config --libs 2>&1`" - ;; -esac - -found=no -if test "$with_openldap" != no; then - save_CFLAGS="$CFLAGS" - save_LIBS="$LIBS" - if test "$openldap_cflags" -a "$openldap_libs"; then - CFLAGS="$openldap_cflags $save_CFLAGS" - LIBS="$openldap_libs $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <lber.h> -#include <ldap.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - INCLUDE_openldap="$openldap_cflags" - LIB_openldap="$openldap_libs" - echo "$as_me:$LINENO: result: from $with_openldap_config" >&5 -echo "${ECHO_T}from $with_openldap_config" >&6 - found=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - fi - if test "$found" = no; then - ires= lres= - for i in $header_dirs; do - CFLAGS="-I$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <lber.h> -#include <ldap.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ires=$i;break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest.$ac_ext - done - for i in $lib_dirs; do - LIBS="-L$i -lldap -llber $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <lber.h> -#include <ldap.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - lres=$i;break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then - INCLUDE_openldap="-I$ires" - LIB_openldap="-L$lres -lldap -llber" - found=yes - echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 -echo "${ECHO_T}headers $ires, libraries $lres" >&6 - fi - fi - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" -fi - -if test "$found" = yes; then - -cat >>confdefs.h <<_ACEOF -#define OPENLDAP 1 -_ACEOF - - with_openldap=yes -else - with_openldap=no - INCLUDE_openldap= - LIB_openldap= - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 -fi - - - - - -if test "$openldap_libdir"; then - LIB_openldap="-R $openldap_libdir $LIB_openldap" -fi - - - -# Check whether --with-krb4 or --without-krb4 was given. -if test "${with_krb4+set}" = set; then - withval="$with_krb4" - -fi; - -# Check whether --with-krb4-lib or --without-krb4-lib was given. -if test "${with_krb4_lib+set}" = set; then - withval="$with_krb4_lib" - if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-krb4-lib" >&5 -echo "$as_me: error: No argument for --with-krb4-lib" >&2;} - { (exit 1); exit 1; }; } -elif test "X$with_krb4" = "X"; then - with_krb4=yes -fi -fi; - -# Check whether --with-krb4-include or --without-krb4-include was given. -if test "${with_krb4_include+set}" = set; then - withval="$with_krb4_include" - if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-krb4-include" >&5 -echo "$as_me: error: No argument for --with-krb4-include" >&2;} - { (exit 1); exit 1; }; } -elif test "X$with_krb4" = "X"; then - with_krb4=yes -fi -fi; - -# Check whether --with-krb4-config or --without-krb4-config was given. -if test "${with_krb4_config+set}" = set; then - withval="$with_krb4_config" - -fi; - - - -echo "$as_me:$LINENO: checking for krb4" >&5 -echo $ECHO_N "checking for krb4... $ECHO_C" >&6 - -case "$with_krb4" in -yes|"") d='/usr/athena' ;; -no) d= ;; -*) d="$with_krb4" ;; -esac - -header_dirs= -lib_dirs= -for i in $d; do - if test "$with_krb4_include" = ""; then - if test -d "$i/include/krb4"; then - header_dirs="$header_dirs $i/include/krb4" - fi - if test -d "$i/include"; then - header_dirs="$header_dirs $i/include" - fi - fi - if test "$with_krb4_lib" = ""; then - if test -d "$i/lib$abilibdirext"; then - lib_dirs="$lib_dirs $i/lib$abilibdirext" - fi - fi -done - -if test "$with_krb4_include"; then - header_dirs="$with_krb4_include $header_dirs" -fi -if test "$with_krb4_lib"; then - lib_dirs="$with_krb4_lib $lib_dirs" -fi - -if test "$with_krb4_config" = ""; then - with_krb4_config='krb4-config' -fi - -krb4_cflags= -krb4_libs= - -case "$with_krb4_config" in -yes|no|"") - ;; -*) - krb4_cflags="`$with_krb4_config --cflags 2>&1`" - krb4_libs="`$with_krb4_config --libs 2>&1`" - ;; -esac - -found=no -if test "$with_krb4" != no; then - save_CFLAGS="$CFLAGS" - save_LIBS="$LIBS" - if test "$krb4_cflags" -a "$krb4_libs"; then - CFLAGS="$krb4_cflags $save_CFLAGS" - LIBS="$krb4_libs $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - INCLUDE_krb4="$krb4_cflags" - LIB_krb4="$krb4_libs" - echo "$as_me:$LINENO: result: from $with_krb4_config" >&5 -echo "${ECHO_T}from $with_krb4_config" >&6 - found=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - fi - if test "$found" = no; then - ires= lres= - for i in $header_dirs; do - CFLAGS="-I$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ires=$i;break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest.$ac_ext - done - for i in $lib_dirs; do - LIBS="-L$i -lkrb -ldes $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - lres=$i;break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - if test "$ires" -a "$lres" -a "$with_krb4" != "no"; then - INCLUDE_krb4="-I$ires" - LIB_krb4="-L$lres -lkrb" - found=yes - echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 -echo "${ECHO_T}headers $ires, libraries $lres" >&6 - fi - fi - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" -fi - -if test "$found" = yes; then - -cat >>confdefs.h <<_ACEOF -#define KRB4 1 -_ACEOF - - with_krb4=yes -else - with_krb4=no - INCLUDE_krb4= - LIB_krb4= - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 -fi - - - - - -LIB_kdb= -if test "$with_krb4" != "no"; then - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $INCLUDE_krb4" - save_LIBS="$LIBS" - LIBS="$LIB_krb4 $LIBS" - EXTRA_LIB45=lib45.a - - echo "$as_me:$LINENO: checking for four valued krb_put_int" >&5 -echo $ECHO_N "checking for four valued krb_put_int... $ECHO_C" >&6 -if test "${ac_cv_func_krb_put_int_four+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - char tmp[4]; - krb_put_int(17, tmp, 4, sizeof(tmp)); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_krb_put_int_four=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_func_krb_put_int_four=no -fi -rm -f conftest.$ac_objext conftest.$ac_ext - -fi -echo "$as_me:$LINENO: result: $ac_cv_func_krb_put_int_four" >&5 -echo "${ECHO_T}$ac_cv_func_krb_put_int_four" >&6 - if test "$ac_cv_func_krb_put_int_four" = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_FOUR_VALUED_KRB_PUT_INT 1 -_ACEOF - - fi - - - echo "$as_me:$LINENO: checking for KRB_VERIFY_SECURE" >&5 -echo $ECHO_N "checking for KRB_VERIFY_SECURE... $ECHO_C" >&6 -if test "${ac_cv_func_krb_verify_secure+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - int x = KRB_VERIFY_SECURE - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_krb_verify_secure=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_func_krb_verify_secure=no -fi -rm -f conftest.$ac_objext conftest.$ac_ext - -fi -echo "$as_me:$LINENO: result: $ac_cv_func_krb_verify_secure" >&5 -echo "${ECHO_T}$ac_cv_func_krb_verify_secure" >&6 - if test "$ac_cv_func_krb_verify_secure" != yes; then - -cat >>confdefs.h <<\_ACEOF -#define KRB_VERIFY_SECURE 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define KRB_VERIFY_SECURE_FAIL 2 -_ACEOF - - fi - echo "$as_me:$LINENO: checking for KRB_VERIFY_NOT_SECURE" >&5 -echo $ECHO_N "checking for KRB_VERIFY_NOT_SECURE... $ECHO_C" >&6 -if test "${ac_cv_func_krb_verify_not_secure+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - int x = KRB_VERIFY_NOT_SECURE - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_krb_verify_not_secure=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_func_krb_verify_not_secure=no -fi -rm -f conftest.$ac_objext conftest.$ac_ext - -fi -echo "$as_me:$LINENO: result: $ac_cv_func_krb_verify_not_secure" >&5 -echo "${ECHO_T}$ac_cv_func_krb_verify_not_secure" >&6 - if test "$ac_cv_func_krb_verify_not_secure" != yes; then - -cat >>confdefs.h <<\_ACEOF -#define KRB_VERIFY_NOT_SECURE 0 -_ACEOF - - fi - - - - -echo "$as_me:$LINENO: checking for krb_enable_debug" >&5 -echo $ECHO_N "checking for krb_enable_debug... $ECHO_C" >&6 -if test "${ac_cv_funclib_krb_enable_debug+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_krb_enable_debug\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" ; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -krb_enable_debug() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_enable_debug=$ac_lib; else ac_cv_funclib_krb_enable_debug=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_krb_enable_debug=\${ac_cv_funclib_krb_enable_debug-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_krb_enable_debug" - -if false; then - -for ac_func in krb_enable_debug -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 -if eval "test \"\${$as_ac_var+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func (); -char (*f) (); - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -f = $ac_func; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -eval "$as_ac_var=no" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# krb_enable_debug -eval "ac_tr_func=HAVE_`echo krb_enable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_krb_enable_debug=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_krb_enable_debug=yes" - eval "LIB_krb_enable_debug=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - ;; - no) - eval "ac_cv_func_krb_enable_debug=no" - eval "LIB_krb_enable_debug=" - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 - ;; - *) - eval "ac_cv_func_krb_enable_debug=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6 - ;; -esac - - -if test -n "$LIB_krb_enable_debug"; then - LIBS="$LIB_krb_enable_debug $LIBS" -fi - - - - - -echo "$as_me:$LINENO: checking for krb_disable_debug" >&5 -echo $ECHO_N "checking for krb_disable_debug... $ECHO_C" >&6 -if test "${ac_cv_funclib_krb_disable_debug+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_krb_disable_debug\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" ; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -krb_disable_debug() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_disable_debug=$ac_lib; else ac_cv_funclib_krb_disable_debug=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_krb_disable_debug=\${ac_cv_funclib_krb_disable_debug-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_krb_disable_debug" - -if false; then - -for ac_func in krb_disable_debug -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 -if eval "test \"\${$as_ac_var+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func (); -char (*f) (); - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -f = $ac_func; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -eval "$as_ac_var=no" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# krb_disable_debug -eval "ac_tr_func=HAVE_`echo krb_disable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_krb_disable_debug=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_krb_disable_debug=yes" - eval "LIB_krb_disable_debug=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - ;; - no) - eval "ac_cv_func_krb_disable_debug=no" - eval "LIB_krb_disable_debug=" - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 - ;; - *) - eval "ac_cv_func_krb_disable_debug=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6 - ;; -esac - - -if test -n "$LIB_krb_disable_debug"; then - LIBS="$LIB_krb_disable_debug $LIBS" -fi - - - - - -echo "$as_me:$LINENO: checking for krb_get_our_ip_for_realm" >&5 -echo $ECHO_N "checking for krb_get_our_ip_for_realm... $ECHO_C" >&6 -if test "${ac_cv_funclib_krb_get_our_ip_for_realm+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_krb_get_our_ip_for_realm\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" ; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -krb_get_our_ip_for_realm() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_our_ip_for_realm=$ac_lib; else ac_cv_funclib_krb_get_our_ip_for_realm=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_krb_get_our_ip_for_realm=\${ac_cv_funclib_krb_get_our_ip_for_realm-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_krb_get_our_ip_for_realm" - -if false; then - -for ac_func in krb_get_our_ip_for_realm -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 -if eval "test \"\${$as_ac_var+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func (); -char (*f) (); - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -f = $ac_func; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -eval "$as_ac_var=no" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# krb_get_our_ip_for_realm -eval "ac_tr_func=HAVE_`echo krb_get_our_ip_for_realm | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_krb_get_our_ip_for_realm=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_krb_get_our_ip_for_realm=yes" - eval "LIB_krb_get_our_ip_for_realm=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - ;; - no) - eval "ac_cv_func_krb_get_our_ip_for_realm=no" - eval "LIB_krb_get_our_ip_for_realm=" - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 - ;; - *) - eval "ac_cv_func_krb_get_our_ip_for_realm=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6 - ;; -esac - - -if test -n "$LIB_krb_get_our_ip_for_realm"; then - LIBS="$LIB_krb_get_our_ip_for_realm $LIBS" -fi - - - - - -echo "$as_me:$LINENO: checking for krb_kdctimeofday" >&5 -echo $ECHO_N "checking for krb_kdctimeofday... $ECHO_C" >&6 -if test "${ac_cv_funclib_krb_kdctimeofday+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_krb_kdctimeofday\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" ; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -krb_kdctimeofday() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_kdctimeofday=$ac_lib; else ac_cv_funclib_krb_kdctimeofday=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_krb_kdctimeofday=\${ac_cv_funclib_krb_kdctimeofday-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_krb_kdctimeofday" - -if false; then - -for ac_func in krb_kdctimeofday -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 -if eval "test \"\${$as_ac_var+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func (); -char (*f) (); - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -f = $ac_func; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -eval "$as_ac_var=no" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# krb_kdctimeofday -eval "ac_tr_func=HAVE_`echo krb_kdctimeofday | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_krb_kdctimeofday=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_krb_kdctimeofday=yes" - eval "LIB_krb_kdctimeofday=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - ;; - no) - eval "ac_cv_func_krb_kdctimeofday=no" - eval "LIB_krb_kdctimeofday=" - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 - ;; - *) - eval "ac_cv_func_krb_kdctimeofday=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6 - ;; -esac - - -if test -n "$LIB_krb_kdctimeofday"; then - LIBS="$LIB_krb_kdctimeofday $LIBS" -fi - - - - - - - -echo "$as_me:$LINENO: checking for krb_get_kdc_time_diff" >&5 -echo $ECHO_N "checking for krb_get_kdc_time_diff... $ECHO_C" >&6 -if test "${ac_cv_funclib_krb_get_kdc_time_diff+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_krb_get_kdc_time_diff\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" ; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -krb_get_kdc_time_diff() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_kdc_time_diff=$ac_lib; else ac_cv_funclib_krb_get_kdc_time_diff=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_krb_get_kdc_time_diff=\${ac_cv_funclib_krb_get_kdc_time_diff-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_krb_get_kdc_time_diff" - -if false; then - -for ac_func in krb_get_kdc_time_diff -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 -if eval "test \"\${$as_ac_var+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func (); -char (*f) (); - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -f = $ac_func; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -eval "$as_ac_var=no" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# krb_get_kdc_time_diff -eval "ac_tr_func=HAVE_`echo krb_get_kdc_time_diff | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_krb_get_kdc_time_diff=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_krb_get_kdc_time_diff=yes" - eval "LIB_krb_get_kdc_time_diff=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - ;; - no) - eval "ac_cv_func_krb_get_kdc_time_diff=no" - eval "LIB_krb_get_kdc_time_diff=" - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 - ;; - *) - eval "ac_cv_func_krb_get_kdc_time_diff=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6 - ;; -esac - - -if test -n "$LIB_krb_get_kdc_time_diff"; then - LIBS="$LIB_krb_get_kdc_time_diff $LIBS" -fi - - - - echo "$as_me:$LINENO: checking for KRB_SENDAUTH_VERS" >&5 -echo $ECHO_N "checking for KRB_SENDAUTH_VERS... $ECHO_C" >&6 -if test "${ac_cv_func_krb_sendauth_vers+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> - #include <prot.h> -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - char *x = KRB_SENDAUTH_VERS - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_krb_sendauth_vers=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_func_krb_sendauth_vers=no -fi -rm -f conftest.$ac_objext conftest.$ac_ext - -fi -echo "$as_me:$LINENO: result: $ac_cv_func_krb_sendauth_vers" >&5 -echo "${ECHO_T}$ac_cv_func_krb_sendauth_vers" >&6 - if test "$ac_cv_func_krb_sendauth_vers" != yes; then - -cat >>confdefs.h <<\_ACEOF -#define KRB_SENDAUTH_VERS "AUTHV0.1" -_ACEOF - - fi - echo "$as_me:$LINENO: checking for krb_mk_req with const arguments" >&5 -echo $ECHO_N "checking for krb_mk_req with const arguments... $ECHO_C" >&6 -if test "${ac_cv_func_krb_mk_req_const+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include <krb.h> - int krb_mk_req(KTEXT a, const char *s, const char *i, - const char *r, int32_t checksum) - { return 17; } -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_krb_mk_req_const=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_func_krb_mk_req_const=no -fi -rm -f conftest.$ac_objext conftest.$ac_ext - -fi -echo "$as_me:$LINENO: result: $ac_cv_func_krb_mk_req_const" >&5 -echo "${ECHO_T}$ac_cv_func_krb_mk_req_const" >&6 - if test "$ac_cv_func_krb_mk_req_const" = "yes"; then - -cat >>confdefs.h <<\_ACEOF -#define KRB_MK_REQ_CONST 1 -_ACEOF - - fi - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - LIB_kdb="-lkdb -lkrb" - if test "$krb4_libdir"; then - LIB_krb4="-R $krb4_libdir $LIB_krb4" - LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb" - fi -fi - - -if test "$with_krb4" != "no"; then - KRB4_TRUE= - KRB4_FALSE='#' -else - KRB4_TRUE='#' - KRB4_FALSE= -fi - - - -if true; then - KRB5_TRUE= - KRB5_FALSE='#' -else - KRB5_TRUE='#' - KRB5_FALSE= -fi - - - -if true; then - do_roken_rename_TRUE= - do_roken_rename_FALSE='#' -else - do_roken_rename_TRUE='#' - do_roken_rename_FALSE= -fi - - - -cat >>confdefs.h <<\_ACEOF -#define KRB5 1 -_ACEOF - -# Check whether --enable-dce or --disable-dce was given. -if test "${enable_dce+set}" = set; then - enableval="$enable_dce" - -fi; -if test "$enable_dce" = yes; then - -cat >>confdefs.h <<\_ACEOF -#define DCE 1 -_ACEOF - -fi - - -if test "$enable_dce" = yes; then - DCE_TRUE= - DCE_FALSE='#' -else - DCE_TRUE='#' - DCE_FALSE= -fi - - -## XXX quite horrible: -if test -f /etc/ibmcxx.cfg; then - dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'` - dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'` - dpagaix_ldflags= -else - dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce" - dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r" - dpagaix_ldflags="-Wl,-bI:dfspag.exp" -fi - - - - - # Check whether --enable-otp or --disable-otp was given. if test "${enable_otp+set}" = set; then enableval="$enable_otp" @@ -26359,6 +27800,19 @@ fi +# Check whether --enable-mmap or --disable-mmap was given. +if test "${enable_mmap+set}" = set; then + enableval="$enable_mmap" + +fi; +if test "$enable_mmap" = "no"; then + +cat >>confdefs.h <<\_ACEOF +#define NO_MMAP 1 +_ACEOF + +fi + # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 @@ -26736,7 +28190,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext done if test "$ires" -a "$lres" -a "$with_readline" != "no"; then INCLUDE_readline="-I$ires" - LIB_readline="-L$lres -lreadline" + LIB_readline="-L$lres -lreadline " found=yes echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 echo "${ECHO_T}headers $ires, libraries $lres" >&6 @@ -26986,7 +28440,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext done if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then INCLUDE_hesiod="-I$ires" - LIB_hesiod="-L$lres -lhesiod" + LIB_hesiod="-L$lres -lhesiod " found=yes echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 echo "${ECHO_T}headers $ires, libraries $lres" >&6 @@ -30268,6 +31722,8 @@ fi + + for ac_header in \ arpa/ftp.h \ arpa/telnet.h \ @@ -30281,6 +31737,7 @@ for ac_header in \ libutil.h \ limits.h \ maillock.h \ + netgroup.h \ netinet/in6_machtypes.h \ netinfo/ni.h \ pthread.h \ @@ -30296,6 +31753,7 @@ for ac_header in \ sys/file.h \ sys/filio.h \ sys/ioccom.h \ + sys/mman.h \ sys/pty.h \ sys/ptyio.h \ sys/ptyvar.h \ @@ -31315,6 +32773,369 @@ done +for ac_header in stdlib.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_header_compiler=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc in + yes:no ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};; + no:yes ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_func in getpagesize +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); + +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +f = $ac_func; +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +echo "$as_me:$LINENO: checking for working mmap" >&5 +echo $ECHO_N "checking for working mmap... $ECHO_C" >&6 +if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_mmap_fixed_mapped=no +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +$ac_includes_default +/* malloc might have been renamed as rpl_malloc. */ +#undef malloc + +/* Thanks to Mike Haertel and Jim Avera for this test. + Here is a matrix of mmap possibilities: + mmap private not fixed + mmap private fixed at somewhere currently unmapped + mmap private fixed at somewhere already mapped + mmap shared not fixed + mmap shared fixed at somewhere currently unmapped + mmap shared fixed at somewhere already mapped + For private mappings, we should verify that changes cannot be read() + back from the file, nor mmap's back from the file at a different + address. (There have been systems where private was not correctly + implemented like the infamous i386 svr4.0, and systems where the + VM page cache was not coherent with the file system buffer cache + like early versions of FreeBSD and possibly contemporary NetBSD.) + For shared mappings, we should conversely verify that changes get + propagated back to all the places they're supposed to be. + + Grep wants private fixed already mapped. + The main things grep needs to know about mmap are: + * does it exist and is it safe to write into the mmap'd area + * how to use it (BSD variants) */ + +#include <fcntl.h> +#include <sys/mman.h> + +#if !STDC_HEADERS && !HAVE_STDLIB_H +char *malloc (); +#endif + +/* This mess was copied from the GNU getpagesize.h. */ +#if !HAVE_GETPAGESIZE +/* Assume that all systems that can run configure have sys/param.h. */ +# if !HAVE_SYS_PARAM_H +# define HAVE_SYS_PARAM_H 1 +# endif + +# ifdef _SC_PAGESIZE +# define getpagesize() sysconf(_SC_PAGESIZE) +# else /* no _SC_PAGESIZE */ +# if HAVE_SYS_PARAM_H +# include <sys/param.h> +# ifdef EXEC_PAGESIZE +# define getpagesize() EXEC_PAGESIZE +# else /* no EXEC_PAGESIZE */ +# ifdef NBPG +# define getpagesize() NBPG * CLSIZE +# ifndef CLSIZE +# define CLSIZE 1 +# endif /* no CLSIZE */ +# else /* no NBPG */ +# ifdef NBPC +# define getpagesize() NBPC +# else /* no NBPC */ +# ifdef PAGESIZE +# define getpagesize() PAGESIZE +# endif /* PAGESIZE */ +# endif /* no NBPC */ +# endif /* no NBPG */ +# endif /* no EXEC_PAGESIZE */ +# else /* no HAVE_SYS_PARAM_H */ +# define getpagesize() 8192 /* punt totally */ +# endif /* no HAVE_SYS_PARAM_H */ +# endif /* no _SC_PAGESIZE */ + +#endif /* no HAVE_GETPAGESIZE */ + +int +main () +{ + char *data, *data2, *data3; + int i, pagesize; + int fd; + + pagesize = getpagesize (); + + /* First, make a file with some known garbage in it. */ + data = (char *) malloc (pagesize); + if (!data) + exit (1); + for (i = 0; i < pagesize; ++i) + *(data + i) = rand (); + umask (0); + fd = creat ("conftest.mmap", 0600); + if (fd < 0) + exit (1); + if (write (fd, data, pagesize) != pagesize) + exit (1); + close (fd); + + /* Next, try to mmap the file at a fixed address which already has + something else allocated at it. If we can, also make sure that + we see the same garbage. */ + fd = open ("conftest.mmap", O_RDWR); + if (fd < 0) + exit (1); + data2 = (char *) malloc (2 * pagesize); + if (!data2) + exit (1); + data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1); + if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_FIXED, fd, 0L)) + exit (1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data2 + i)) + exit (1); + + /* Finally, make sure that changes to the mapped area do not + percolate back to the file as seen by read(). (This is a bug on + some variants of i386 svr4.0.) */ + for (i = 0; i < pagesize; ++i) + *(data2 + i) = *(data2 + i) + 1; + data3 = (char *) malloc (pagesize); + if (!data3) + exit (1); + if (read (fd, data3, pagesize) != pagesize) + exit (1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data3 + i)) + exit (1); + close (fd); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_mmap_fixed_mapped=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +( exit $ac_status ) +ac_cv_func_mmap_fixed_mapped=no +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5 +echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6 +if test $ac_cv_func_mmap_fixed_mapped = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_MMAP 1 +_ACEOF + +fi +rm -f conftest.mmap + + + + for ac_header in capability.h sys/capability.h @@ -33184,434 +35005,6 @@ fi -crypto_lib=unknown - - -# Check whether --with-openssl or --without-openssl was given. -if test "${with_openssl+set}" = set; then - withval="$with_openssl" - -fi; - - -# Check whether --with-openssl-lib or --without-openssl-lib was given. -if test "${with_openssl_lib+set}" = set; then - withval="$with_openssl_lib" - if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openssl-lib" >&5 -echo "$as_me: error: No argument for --with-openssl-lib" >&2;} - { (exit 1); exit 1; }; } -elif test "X$with_openssl" = "X"; then - with_openssl=yes -fi -fi; - - -# Check whether --with-openssl-include or --without-openssl-include was given. -if test "${with_openssl_include+set}" = set; then - withval="$with_openssl_include" - if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openssl-include" >&5 -echo "$as_me: error: No argument for --with-openssl-include" >&2;} - { (exit 1); exit 1; }; } -elif test "X$with_openssl" = "X"; then - with_openssl=yes -fi -fi; - -case "$with_openssl" in -yes) ;; -no) ;; -"") ;; -*) if test "$with_openssl_include" = ""; then - with_openssl_include="$with_openssl/include" - fi - if test "$with_openssl_lib" = ""; then - with_openssl_lib="$with_openssl/lib$abilibdirext" - fi - ;; -esac - - -DIR_des= - -echo "$as_me:$LINENO: checking for crypto library" >&5 -echo $ECHO_N "checking for crypto library... $ECHO_C" >&6 - -openssl=no -if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then - - save_CPPFLAGS="$CPPFLAGS" - save_LIBS="$LIBS" - INCLUDE_des= - LIB_des= - if test "$with_openssl_include" != ""; then - INCLUDE_des="-I${with_openssl}/include" - fi - if test "$with_openssl_lib" != ""; then - LIB_des="-L${with_openssl}/lib" - fi - CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}" - LIB_des="${LIB_des} -lcrypto" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" - LIBS="${LIBS} ${LIB_des}" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, schedule, 0, 0); - RC4(0, 0, 0, 0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - crypto_lib=libcrypto openssl=yes - echo "$as_me:$LINENO: result: libcrypto" >&5 -echo "${ECHO_T}libcrypto" >&6 -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - CPPFLAGS="$save_CPPFLAGS" - LIBS="$save_LIBS" -fi - -if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then - save_CPPFLAGS="$CPPFLAGS" - save_LIBS="$LIBS" - - cdirs= clibs= - for i in $LIB_krb4; do - case "$i" in - -L*) cdirs="$cdirs $i";; - -l*) clibs="$clibs $i";; - esac - done - - ires= - for i in $INCLUDE_krb4; do - CFLAGS="$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - openssl=yes ires="$i"; break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest.$ac_ext - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ires="$i"; break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest.$ac_ext - done - lres= - for i in $cdirs; do - for j in $clibs; do - LIBS="$i $j $save_LIBS" - if test "$openssl" = yes; then - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - lres="$i $j"; break 2 -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - - #undef KRB5 /* makes md4.h et al unhappy */ - #define KRB4 - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, 0, 0, 0); - RC4(0, 0, 0, 0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - lres="$i $j"; break 2 -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - fi - done - done - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" - if test "$ires" -a "$lres"; then - INCLUDE_des="$ires" - LIB_des="$lres" - crypto_lib=krb4 - echo "$as_me:$LINENO: result: same as krb4" >&5 -echo "${ECHO_T}same as krb4" >&6 - LIB_des_a='$(LIB_des)' - LIB_des_so='$(LIB_des)' - LIB_des_appl='$(LIB_des)' - fi -fi - -if test "$crypto_lib" = "unknown"; then - - DIR_des='des' - LIB_des='$(top_builddir)/lib/des/libdes.la' - LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a' - LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so' - LIB_des_appl="-ldes" - - echo "$as_me:$LINENO: result: included libdes" >&5 -echo "${ECHO_T}included libdes" >&6 - -fi - -if test "$openssl" = "yes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_OPENSSL 1 -_ACEOF - -fi - - -if test "$openssl" = yes; then - HAVE_OPENSSL_TRUE= - HAVE_OPENSSL_FALSE='#' -else - HAVE_OPENSSL_TRUE='#' - HAVE_OPENSSL_FALSE= -fi - - - - - - - - - - @@ -34232,12 +35625,16 @@ fi echo "$as_me:$LINENO: checking which authentication modules should be built" >&5 echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6 +z='sia afskauthlib' LIB_AUTH_SUBDIRS= - +for i in $z; do +case $i in +sia) if test "$ac_cv_header_siad_h" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" fi - +;; +pam) case "${host}" in *-*-freebsd*) ac_cv_want_pam_krb4=no ;; *) ac_cv_want_pam_krb4=yes ;; @@ -34248,13 +35645,21 @@ if test "$ac_cv_want_pam_krb4" = yes -a \ "$enable_shared" = yes; then LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" fi - +;; +afskauthlib) case "${host}" in *-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; esac - -echo "$as_me:$LINENO: result: $LIB_AUTH_SUBDIRS" >&5 +;; +esac +done +if test "$LIB_AUTH_SUBDIRS"; then + echo "$as_me:$LINENO: result: $LIB_AUTH_SUBDIRS" >&5 echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6 +else + echo "$as_me:$LINENO: result: none" >&5 +echo "${ECHO_T}none" >&6 +fi @@ -34425,6 +35830,41 @@ echo "$as_me: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"KRB4\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"KRB5\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"KRB5\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"do_roken_rename\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"do_roken_rename\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"HAVE_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"DCE\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"DCE\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB1\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -34481,34 +35921,6 @@ echo "$as_me: error: conditional \"have_glob_h\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi -if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"KRB4\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"KRB5\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"KRB5\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"do_roken_rename\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"do_roken_rename\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"DCE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"DCE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"OTP\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -34572,13 +35984,6 @@ echo "$as_me: error: conditional \"NEED_WRITEAUTH\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi -if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_OPENSSL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"el_compat\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -35180,6 +36585,36 @@ s,@LIBTOOL@,$LIBTOOL,;t t s,@WFLAGS@,$WFLAGS,;t t s,@WFLAGS_NOUNUSED@,$WFLAGS_NOUNUSED,;t t s,@WFLAGS_NOIMPLICITINT@,$WFLAGS_NOIMPLICITINT,;t t +s,@INCLUDE_openldap@,$INCLUDE_openldap,;t t +s,@LIB_openldap@,$LIB_openldap,;t t +s,@INCLUDE_krb4@,$INCLUDE_krb4,;t t +s,@LIB_krb4@,$LIB_krb4,;t t +s,@EXTRA_LIB45@,$EXTRA_LIB45,;t t +s,@LIB_krb_enable_debug@,$LIB_krb_enable_debug,;t t +s,@LIB_krb_disable_debug@,$LIB_krb_disable_debug,;t t +s,@LIB_krb_get_our_ip_for_realm@,$LIB_krb_get_our_ip_for_realm,;t t +s,@LIB_krb_kdctimeofday@,$LIB_krb_kdctimeofday,;t t +s,@LIB_krb_get_kdc_time_diff@,$LIB_krb_get_kdc_time_diff,;t t +s,@KRB4_TRUE@,$KRB4_TRUE,;t t +s,@KRB4_FALSE@,$KRB4_FALSE,;t t +s,@KRB5_TRUE@,$KRB5_TRUE,;t t +s,@KRB5_FALSE@,$KRB5_FALSE,;t t +s,@do_roken_rename_TRUE@,$do_roken_rename_TRUE,;t t +s,@do_roken_rename_FALSE@,$do_roken_rename_FALSE,;t t +s,@LIB_kdb@,$LIB_kdb,;t t +s,@HAVE_OPENSSL_TRUE@,$HAVE_OPENSSL_TRUE,;t t +s,@HAVE_OPENSSL_FALSE@,$HAVE_OPENSSL_FALSE,;t t +s,@DIR_des@,$DIR_des,;t t +s,@INCLUDE_des@,$INCLUDE_des,;t t +s,@LIB_des@,$LIB_des,;t t +s,@LIB_des_a@,$LIB_des_a,;t t +s,@LIB_des_so@,$LIB_des_so,;t t +s,@LIB_des_appl@,$LIB_des_appl,;t t +s,@DCE_TRUE@,$DCE_TRUE,;t t +s,@DCE_FALSE@,$DCE_FALSE,;t t +s,@dpagaix_cflags@,$dpagaix_cflags,;t t +s,@dpagaix_ldadd@,$dpagaix_ldadd,;t t +s,@dpagaix_ldflags@,$dpagaix_ldflags,;t t s,@LIB_db_create@,$LIB_db_create,;t t s,@LIB_dbopen@,$LIB_dbopen,;t t s,@LIB_dbm_firstkey@,$LIB_dbm_firstkey,;t t @@ -35205,6 +36640,7 @@ s,@LIB_gethostbyname@,$LIB_gethostbyname,;t t s,@LIB_syslog@,$LIB_syslog,;t t s,@LIB_gethostbyname2@,$LIB_gethostbyname2,;t t s,@LIB_res_search@,$LIB_res_search,;t t +s,@LIB_res_nsearch@,$LIB_res_nsearch,;t t s,@LIB_dn_expand@,$LIB_dn_expand,;t t s,@LIBOBJS@,$LIBOBJS,;t t s,@have_glob_h_TRUE@,$have_glob_h_TRUE,;t t @@ -35223,28 +36659,6 @@ s,@LIB_crypt@,$LIB_crypt,;t t s,@DIR_roken@,$DIR_roken,;t t s,@LIB_roken@,$LIB_roken,;t t s,@INCLUDES_roken@,$INCLUDES_roken,;t t -s,@INCLUDE_openldap@,$INCLUDE_openldap,;t t -s,@LIB_openldap@,$LIB_openldap,;t t -s,@INCLUDE_krb4@,$INCLUDE_krb4,;t t -s,@LIB_krb4@,$LIB_krb4,;t t -s,@EXTRA_LIB45@,$EXTRA_LIB45,;t t -s,@LIB_krb_enable_debug@,$LIB_krb_enable_debug,;t t -s,@LIB_krb_disable_debug@,$LIB_krb_disable_debug,;t t -s,@LIB_krb_get_our_ip_for_realm@,$LIB_krb_get_our_ip_for_realm,;t t -s,@LIB_krb_kdctimeofday@,$LIB_krb_kdctimeofday,;t t -s,@LIB_krb_get_kdc_time_diff@,$LIB_krb_get_kdc_time_diff,;t t -s,@KRB4_TRUE@,$KRB4_TRUE,;t t -s,@KRB4_FALSE@,$KRB4_FALSE,;t t -s,@KRB5_TRUE@,$KRB5_TRUE,;t t -s,@KRB5_FALSE@,$KRB5_FALSE,;t t -s,@do_roken_rename_TRUE@,$do_roken_rename_TRUE,;t t -s,@do_roken_rename_FALSE@,$do_roken_rename_FALSE,;t t -s,@LIB_kdb@,$LIB_kdb,;t t -s,@DCE_TRUE@,$DCE_TRUE,;t t -s,@DCE_FALSE@,$DCE_FALSE,;t t -s,@dpagaix_cflags@,$dpagaix_cflags,;t t -s,@dpagaix_ldadd@,$dpagaix_ldadd,;t t -s,@dpagaix_ldflags@,$dpagaix_ldflags,;t t s,@LIB_otp@,$LIB_otp,;t t s,@OTP_TRUE@,$OTP_TRUE,;t t s,@OTP_FALSE@,$OTP_FALSE,;t t @@ -35288,14 +36702,6 @@ s,@LIB_logout@,$LIB_logout,;t t s,@LIB_openpty@,$LIB_openpty,;t t s,@LIB_tgetent@,$LIB_tgetent,;t t s,@LIB_getpwnam_r@,$LIB_getpwnam_r,;t t -s,@HAVE_OPENSSL_TRUE@,$HAVE_OPENSSL_TRUE,;t t -s,@HAVE_OPENSSL_FALSE@,$HAVE_OPENSSL_FALSE,;t t -s,@DIR_des@,$DIR_des,;t t -s,@INCLUDE_des@,$INCLUDE_des,;t t -s,@LIB_des@,$LIB_des,;t t -s,@LIB_des_a@,$LIB_des_a,;t t -s,@LIB_des_so@,$LIB_des_so,;t t -s,@LIB_des_appl@,$LIB_des_appl,;t t s,@LIB_el_init@,$LIB_el_init,;t t s,@el_compat_TRUE@,$el_compat_TRUE,;t t s,@el_compat_FALSE@,$el_compat_FALSE,;t t diff --git a/crypto/heimdal/configure.in b/crypto/heimdal/configure.in index d731642..3ef2a59 100644 --- a/crypto/heimdal/configure.in +++ b/crypto/heimdal/configure.in @@ -1,8 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -AC_REVISION($Revision: 1.320 $) +AC_REVISION($Revision: 1.325 $) AC_PREREQ(2.53) #test -z "$CFLAGS" && CFLAGS="-g" AC_INIT(Heimdal, 0.4f, heimdal-bugs@pdc.kth.se) +AC_CONFIG_SRCDIR([kuser/kinit.c]) AM_CONFIG_HEADER(include/config.h) dnl Checks for programs. @@ -21,6 +22,8 @@ AC_CANONICAL_HOST CANONICAL_HOST=$host AC_SUBST(CANONICAL_HOST) +AC_SYS_LARGEFILE + dnl dnl this is needed to run the configure tests against glibc dnl @@ -48,22 +51,11 @@ AC_PROG_LIBTOOL AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs) -rk_DB - -dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken]) - -rk_ROKEN(lib/roken) -LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken" - rk_TEST_PACKAGE(openldap, [#include <lber.h> #include <ldap.h>], [-lldap -llber],,,OPENLDAP) -if test "$openldap_libdir"; then - LIB_openldap="-R $openldap_libdir $LIB_openldap" -fi - rk_TEST_PACKAGE(krb4,[#include <krb.h>],-lkrb,-ldes,/usr/athena, KRB4, krb4-config) LIB_kdb= @@ -156,10 +148,6 @@ if test "$with_krb4" != "no"; then LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" LIB_kdb="-lkdb -lkrb" - if test "$krb4_libdir"; then - LIB_krb4="-R $krb4_libdir $LIB_krb4" - LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb" - fi fi AM_CONDITIONAL(KRB4, test "$with_krb4" != "no") AM_CONDITIONAL(KRB5, true) @@ -168,6 +156,8 @@ AM_CONDITIONAL(do_roken_rename, true) AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl AC_SUBST(LIB_kdb)dnl +KRB_CRYPTO + AC_ARG_ENABLE(dce, AC_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's])) if test "$enable_dce" = yes; then @@ -189,10 +179,23 @@ AC_SUBST(dpagaix_cflags) AC_SUBST(dpagaix_ldadd) AC_SUBST(dpagaix_ldflags) +rk_DB + +dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken]) + +rk_ROKEN(lib/roken) +LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken" + rk_OTP AC_CHECK_OSFC2 +AC_ARG_ENABLE(mmap, + AC_HELP_STRING([--disable-mmap],[disable use of mmap])) +if test "$enable_mmap" = "no"; then + AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.]) +fi + rk_CHECK_MAN rk_TEST_PACKAGE(readline, @@ -241,6 +244,7 @@ AC_CHECK_HEADERS([\ libutil.h \ limits.h \ maillock.h \ + netgroup.h \ netinet/in6_machtypes.h \ netinfo/ni.h \ pthread.h \ @@ -256,6 +260,7 @@ AC_CHECK_HEADERS([\ sys/file.h \ sys/filio.h \ sys/ioccom.h \ + sys/mman.h \ sys/pty.h \ sys/ptyio.h \ sys/ptyvar.h \ @@ -327,6 +332,8 @@ AC_CHECK_FUNCS([ \ yp_get_default_domain \ ]) +AC_FUNC_MMAP + KRB_CAPABILITIES AC_CHECK_GETPWNAM_R_POSIX @@ -369,8 +376,6 @@ AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, #endif ]) -KRB_CRYPTO - KRB_READLINE rk_TELNET @@ -378,7 +383,7 @@ rk_TELNET dnl Some operating systems already have com_err and compile_et CHECK_COMPILE_ET -AC_AUTH_MODULES +rk_AUTH_MODULES([sia afskauthlib]) rk_DESTDIRS diff --git a/crypto/heimdal/doc/ack.texi b/crypto/heimdal/doc/ack.texi index fe0113e..d28b816 100644 --- a/crypto/heimdal/doc/ack.texi +++ b/crypto/heimdal/doc/ack.texi @@ -1,4 +1,4 @@ -@c $Id: ack.texi,v 1.14 2001/02/24 05:09:23 assar Exp $ +@c $Id: ack.texi,v 1.15 2002/09/04 01:03:35 assar Exp $ @node Acknowledgments, , Migration, Top @comment node-name, next, previous, up @@ -19,6 +19,9 @@ of NetBSD/FreeBSD. @code{editline} was written by Simmule Turner and Rich Salz. +The @code{getifaddrs} implementation for Linux was written by Hideaki +YOSHIFUJI for the Usagi project. + Bugfixes, documentation, encouragement, and code has been contributed by: @table @asis @item Derrick J Brashear diff --git a/crypto/heimdal/doc/install.texi b/crypto/heimdal/doc/install.texi index 61c5282..d12ace9 100644 --- a/crypto/heimdal/doc/install.texi +++ b/crypto/heimdal/doc/install.texi @@ -1,4 +1,4 @@ -@c $Id: install.texi,v 1.17 2001/07/02 18:06:02 joda Exp $ +@c $Id: install.texi,v 1.18 2002/09/04 03:18:48 assar Exp $ @node Building and Installing, Setting up a realm, What is Kerberos?, Top @comment node-name, next, previous, up @@ -98,4 +98,9 @@ On Irix there are three different ABIs that can be used (@samp{32}, @samp{n32}, or @samp{64}). This option allows you to override the automatic selection. +@item @kbd{--disable-mmap} +Do not use the mmap system call. Normally, configure detects if there +is a working mmap and it is only used if there is one. Only try this +option if it fails to work anyhow. + @end table diff --git a/crypto/heimdal/include/Makefile.am b/crypto/heimdal/include/Makefile.am index fee2ac2..c283cd2 100644 --- a/crypto/heimdal/include/Makefile.am +++ b/crypto/heimdal/include/Makefile.am @@ -1,25 +1,30 @@ -# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $ +# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $ include $(top_srcdir)/Makefile.am.common SUBDIRS = kadm5 -noinst_PROGRAMS = bits +noinst_PROGRAMS = bits make_crypto CHECK_LOCAL = INCLUDES += -DHOST=\"$(CANONICAL_HOST)\" include_HEADERS = krb5-types.h +noinst_HEADERS = crypto-headers.h krb5-types.h: bits$(EXEEXT) ./bits$(EXEEXT) krb5-types.h +crypto-headers.h: make_crypto$(EXEEXT) + ./make_crypto$(EXEEXT) crypto-headers.h + CLEANFILES = \ asn1.h \ asn1_err.h \ base64.h \ com_err.h \ com_right.h \ + crypto-headers.h\ der.h \ des.h \ editline.h \ diff --git a/crypto/heimdal/include/Makefile.in b/crypto/heimdal/include/Makefile.in index 9fe6d81..1eed888 100644 --- a/crypto/heimdal/include/Makefile.in +++ b/crypto/heimdal/include/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $ +# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -204,10 +204,11 @@ NROFF_MAN = groff -mandoc -Tascii SUBDIRS = kadm5 -noinst_PROGRAMS = bits +noinst_PROGRAMS = bits make_crypto CHECK_LOCAL = include_HEADERS = krb5-types.h +noinst_HEADERS = crypto-headers.h CLEANFILES = \ asn1.h \ @@ -215,6 +216,7 @@ CLEANFILES = \ base64.h \ com_err.h \ com_right.h \ + crypto-headers.h\ der.h \ des.h \ editline.h \ @@ -249,7 +251,7 @@ subdir = include mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = -noinst_PROGRAMS = bits$(EXEEXT) +noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) bits_SOURCES = bits.c @@ -257,6 +259,11 @@ bits_OBJECTS = bits.$(OBJEXT) bits_LDADD = $(LDADD) bits_DEPENDENCIES = bits_LDFLAGS = +make_crypto_SOURCES = make_crypto.c +make_crypto_OBJECTS = make_crypto.$(OBJEXT) +make_crypto_LDADD = $(LDADD) +make_crypto_DEPENDENCIES = +make_crypto_LDFLAGS = DEFS = @DEFS@ DEFAULT_INCLUDES = -I. -I$(srcdir) -I. @@ -273,17 +280,18 @@ CCLD = $(CC) LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ -DIST_SOURCES = bits.c -HEADERS = $(include_HEADERS) +DIST_SOURCES = bits.c make_crypto.c +HEADERS = $(include_HEADERS) $(noinst_HEADERS) RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \ uninstall-info-recursive all-recursive install-data-recursive \ install-exec-recursive installdirs-recursive install-recursive \ uninstall-recursive check-recursive installcheck-recursive -DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in config.h.in +DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) Makefile.am \ + Makefile.in DIST_SUBDIRS = $(SUBDIRS) -SOURCES = bits.c +SOURCES = bits.c make_crypto.c all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -322,6 +330,9 @@ clean-noinstPROGRAMS: bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) @rm -f bits$(EXEEXT) $(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS) +make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES) + @rm -f make_crypto$(EXEEXT) + $(LINK) $(make_crypto_LDFLAGS) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) core *.core @@ -731,6 +742,9 @@ install-data-local: install-cat-mans krb5-types.h: bits$(EXEEXT) ./bits$(EXEEXT) krb5-types.h + +crypto-headers.h: make_crypto$(EXEEXT) + ./make_crypto$(EXEEXT) crypto-headers.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/include/config.h.in b/crypto/heimdal/include/config.h.in index 39fafbd..0dde992 100644 --- a/crypto/heimdal/include/config.h.in +++ b/crypto/heimdal/include/config.h.in @@ -285,6 +285,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `getopt'. */ #undef HAVE_GETOPT +/* Define to 1 if you have the `getpagesize' function. */ +#undef HAVE_GETPAGESIZE + /* Define to 1 if you have the `getprogname' function. */ #undef HAVE_GETPROGNAME @@ -448,6 +451,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `mktime' function. */ #undef HAVE_MKTIME +/* Define to 1 if you have a working `mmap' system call. */ +#undef HAVE_MMAP + /* define if you have a ndbm library */ #undef HAVE_NDBM @@ -457,6 +463,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <netdb.h> header file. */ #undef HAVE_NETDB_H +/* Define to 1 if you have the <netgroup.h> header file. */ +#undef HAVE_NETGROUP_H + /* Define to 1 if you have the <netinet6/in6.h> header file. */ #undef HAVE_NETINET6_IN6_H @@ -493,6 +502,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if NDBM really is DB (creates files *.db) */ #undef HAVE_NEW_DB +/* define if you have hash functions like md4_finito() */ +#undef HAVE_OLD_HASH_NAMES + /* Define to 1 if you have the `on_exit' function. */ #undef HAVE_ON_EXIT @@ -559,6 +571,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <resolv.h> header file. */ #undef HAVE_RESOLV_H +/* Define to 1 if you have the `res_nsearch' function. */ +#undef HAVE_RES_NSEARCH + /* Define to 1 if you have the `res_search' function. */ #undef HAVE_RES_SEARCH @@ -844,6 +859,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <sys/ioctl.h> header file. */ #undef HAVE_SYS_IOCTL_H +/* Define to 1 if you have the <sys/mman.h> header file. */ +#undef HAVE_SYS_MMAN_H + /* Define to 1 if you have the <sys/param.h> header file. */ #undef HAVE_SYS_PARAM_H @@ -1210,6 +1228,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if the system is missing a prototype for vsnprintf() */ #undef NEED_VSNPRINTF_PROTO +/* Define if you don't want to use mmap. */ +#undef NO_MMAP + /* Define this to enable old environment option in telnet. */ #undef OLD_ENVIRON @@ -1290,9 +1311,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } `char[]'. */ #undef YYTEXT_POINTER +/* Number of bits in a file offset, on hosts where this is settable. */ +#undef _FILE_OFFSET_BITS + /* Define to enable extensions on glibc-based systems such as Linux. */ #undef _GNU_SOURCE +/* Define for large files, on AIX-style hosts. */ +#undef _LARGE_FILES + /* Define to empty if `const' does not conform to ANSI C. */ #undef const @@ -1321,6 +1348,13 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to `int' if <sys/types.h> doesn't define. */ #undef uid_t +#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4) +#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S)) +#else +#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S)) +#endif + + #if defined(ENCRYPTION) && !defined(AUTHENTICATION) #define AUTHENTICATION 1 @@ -1345,6 +1379,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #include "roken_rename.h" #endif +#ifndef HAVE_KRB_KDCTIMEOFDAY +#define krb_kdctimeofday(X) gettimeofday((X), NULL) +#endif + +#ifndef HAVE_KRB_GET_KDC_TIME_DIFF +#define krb_get_kdc_time_diff() (0) +#endif + #ifdef VOID_RETSIGTYPE #define SIGRETURN(x) return #else @@ -1356,21 +1398,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y)) #endif -#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4) -#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S)) -#else -#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S)) -#endif - - -#ifndef HAVE_KRB_KDCTIMEOFDAY -#define krb_kdctimeofday(X) gettimeofday((X), NULL) -#endif - -#ifndef HAVE_KRB_GET_KDC_TIME_DIFF -#define krb_get_kdc_time_diff() (0) -#endif - #if ENDIANESS_IN_SYS_PARAM_H # include <sys/types.h> diff --git a/crypto/heimdal/include/make_crypto.c b/crypto/heimdal/include/make_crypto.c new file mode 100644 index 0000000..d1b633c --- /dev/null +++ b/crypto/heimdal/include/make_crypto.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id"); +#endif +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <ctype.h> + +int +main(int argc, char **argv) +{ + char *p; + FILE *f; + if(argc != 2) { + fprintf(stderr, "Usage: make_crypto file\n"); + exit(1); + } + f = fopen(argv[1], "w"); + if(f == NULL) { + perror(argv[1]); + exit(1); + } + for(p = argv[1]; *p; p++) + if(!isalnum((int)*p)) + *p = '_'; + fprintf(f, "#ifndef __%s__\n", argv[1]); + fprintf(f, "#define __%s__\n", argv[1]); +#ifdef HAVE_OPENSSL + fputs("#include <openssl/des.h>\n", f); + fputs("#include <openssl/rc4.h>\n", f); + fputs("#include <openssl/md4.h>\n", f); + fputs("#include <openssl/md5.h>\n", f); + fputs("#include <openssl/sha.h>\n", f); +#else + fputs("#include <des.h>\n", f); + fputs("#include <md4.h>\n", f); + fputs("#include <md5.h>\n", f); + fputs("#include <sha.h>\n", f); + fputs("#include <rc4.h>\n", f); +#ifdef HAVE_OLD_HASH_NAMES + fputs("\n", f); + fputs(" typedef struct md4 MD4_CTX;\n", f); + fputs("#define MD4_Init md4_init\n", f); + fputs("#define MD4_Update md4_update\n", f); + fputs("#define MD4_Final(D, C) md4_finito((C), (D))\n", f); + fputs("\n", f); + fputs(" typedef struct md5 MD5_CTX;\n", f); + fputs("#define MD5_Init md5_init\n", f); + fputs("#define MD5_Update md5_update\n", f); + fputs("#define MD5_Final(D, C) md5_finito((C), (D))\n", f); + fputs("\n", f); + fputs(" typedef struct sha SHA_CTX;\n", f); + fputs("#define SHA1_Init sha_init\n", f); + fputs("#define SHA1_Update sha_update\n", f); + fputs("#define SHA1_Final(D, C) sha_finito((C), (D))\n", f); +#endif +#endif + fprintf(f, "#endif /* __%s__ */\n", argv[1]); + fclose(f); + exit(0); +} diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog index 4c56cc8..6e625f8 100644 --- a/crypto/heimdal/kadmin/ChangeLog +++ b/crypto/heimdal/kadmin/ChangeLog @@ -1,3 +1,21 @@ +2002-09-10 Johan Danielsson <joda@pdc.kth.se> + + * server.c: constify match_appl_version() + + * version4.c: change some lingering krb_err_base + +2002-09-09 Jacques Vidrine <nectar@kth.se> + + * server.c (kadmind_dispatch): while decoding arguments for + kadm_chpass_with_key, sanity check the number of keys given. + Potential problem pointed out by + Sebastian Krahmer <krahmer@suse.de>. + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * load.c (parse_generation): return if there is no generation + (spotted by Daniel Kouril) + 2002-06-07 Jacques Vidrine <n@nectar.com> * ank.c: do not attempt to free uninitialized pointer when diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c index ebeee6c..3635023 100644 --- a/crypto/heimdal/kadmin/load.c +++ b/crypto/heimdal/kadmin/load.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <kadm5/private.h> -RCSID("$Id: load.c,v 1.43 2001/08/10 13:52:22 joda Exp $"); +RCSID("$Id: load.c,v 1.44 2002/09/04 20:44:35 joda Exp $"); struct entry { char *principal; @@ -288,8 +288,10 @@ parse_generation(char *str, GENERATION **gen) char *p; int v; - if(strcmp(str, "-") == 0 || *str == '\0') + if(strcmp(str, "-") == 0 || *str == '\0') { *gen = NULL; + return 0; + } *gen = calloc(1, sizeof(**gen)); p = strsep(&str, ":"); diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index 0bda03c..143e95d 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <krb5-private.h> -RCSID("$Id: server.c,v 1.34 2002/05/24 15:23:42 joda Exp $"); +RCSID("$Id: server.c,v 1.36 2002/09/10 19:23:28 joda Exp $"); static kadm5_ret_t kadmind_dispatch(void *kadm_handle, krb5_boolean initial, @@ -255,6 +255,13 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_free_principal(context->context, princ); goto fail; } + /* n_key_data will be squeezed into an int16_t below. */ + if (n_key_data < 0 || n_key_data >= 1 << 16 || + n_key_data > UINT_MAX/sizeof(*key_data)) { + ret = ERANGE; + krb5_free_principal(context->context, princ); + goto fail; + } key_data = malloc (n_key_data * sizeof(*key_data)); if (key_data == NULL) { @@ -440,7 +447,7 @@ v5_loop (krb5_context context, } static krb5_boolean -match_appl_version(void *data, const char *appl_version) +match_appl_version(const void *data, const char *appl_version) { unsigned minor; if(sscanf(appl_version, "KADM0.%u", &minor) != 1) diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c index b660ad7..9dec87c 100644 --- a/crypto/heimdal/kadmin/version4.c +++ b/crypto/heimdal/kadmin/version4.c @@ -41,7 +41,7 @@ #include <krb_err.h> #include <kadm_err.h> -RCSID("$Id: version4.c,v 1.25 2002/05/24 15:23:43 joda Exp $"); +RCSID("$Id: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $"); #define KADM_NO_OPCODE -1 #define KADM_NO_ENCRYPT -2 @@ -868,7 +868,7 @@ decode_packet(krb5_context context, client_addr->sin_addr.s_addr, &ad, NULL); if(ret) { - make_you_loose_packet(krb_err_base + ret, reply); + make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply); krb5_warnx(context, "krb_rd_req: %d", ret); return; } @@ -905,7 +905,7 @@ decode_packet(krb5_context context, ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, client_addr, admin_addr, &msg_dat); if (ret) { - make_you_loose_packet (krb_err_base + ret, reply); + make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply); krb5_warnx(context, "krb_rd_priv: %d", ret); goto out; } diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c index 5def363..3bc066f 100644 --- a/crypto/heimdal/kdc/hprop.c +++ b/crypto/heimdal/kdc/hprop.c @@ -33,7 +33,7 @@ #include "hprop.h" -RCSID("$Id: hprop.c,v 1.69 2002/04/18 10:18:35 joda Exp $"); +RCSID("$Id: hprop.c,v 1.70 2002/09/04 18:19:41 joda Exp $"); static int version_flag; static int help_flag; @@ -691,7 +691,7 @@ propagate_database (krb5_context context, int type, HPROP_VERSION, NULL, server, - AP_OPTS_MUTUAL_REQUIRED, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, NULL, /* in_data */ NULL, /* in_creds */ ccache, diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c index a346411..a281c00 100644 --- a/crypto/heimdal/kdc/kaserver.c +++ b/crypto/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.19 2002/04/18 16:07:39 joda Exp $"); +RCSID("$Id: kaserver.c,v 1.20 2002/09/09 14:03:02 nectar Exp $"); #include <rx.h> @@ -186,6 +186,8 @@ krb5_ret_xdr_data(krb5_storage *sp, ret = krb5_ret_int32(sp, &size); if(ret) return ret; + if(size < 0) + return ERANGE; data->length = size; if (size) { u_char foo[4]; diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c index 8b1c3c1..7ba9680 100644 --- a/crypto/heimdal/kdc/kerberos5.c +++ b/crypto/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.140 2002/07/31 09:42:43 joda Exp $"); +RCSID("$Id: kerberos5.c,v 1.143 2002/09/09 14:03:02 nectar Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -156,51 +156,69 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_enctype etype, int skvno, EncryptionKey *skey, int ckvno, EncryptionKey *ckey, + const char **e_text, krb5_data *reply) { - unsigned char buf[8192]; /* XXX The data could be indefinite */ + unsigned char *buf; + size_t buf_size; size_t len; krb5_error_code ret; krb5_crypto crypto; - ret = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len); + ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret); if(ret) { kdc_log(0, "Failed to encode ticket: %s", krb5_get_err_text(context, ret)); return ret; } - + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } ret = krb5_crypto_init(context, skey, etype, &crypto); if (ret) { + free(buf); kdc_log(0, "krb5_crypto_init failed: %s", krb5_get_err_text(context, ret)); return ret; } - krb5_encrypt_EncryptedData(context, - crypto, - KRB5_KU_TICKET, - buf + sizeof(buf) - len, - len, - skvno, - &rep->ticket.enc_part); - + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TICKET, + buf, + len, + skvno, + &rep->ticket.enc_part); + free(buf); krb5_crypto_destroy(context, crypto); + if(ret) { + kdc_log(0, "Failed to encrypt data: %s", + krb5_get_err_text(context, ret)); + return ret; + } if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep) - ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), - ek, &len); + ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret); else - ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf), - ek, &len); + ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret); if(ret) { kdc_log(0, "Failed to encode KDC-REP: %s", krb5_get_err_text(context, ret)); return ret; } + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } ret = krb5_crypto_init(context, ckey, 0, &crypto); if (ret) { + free(buf); kdc_log(0, "krb5_crypto_init failed: %s", krb5_get_err_text(context, ret)); return ret; @@ -209,20 +227,22 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_AS_REP_ENC_PART, - buf + sizeof(buf) - len, + buf, len, ckvno, &rep->enc_part); - ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len); + free(buf); + ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret); } else { krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_TGS_REP_ENC_PART_SESSION, - buf + sizeof(buf) - len, + buf, len, ckvno, &rep->enc_part); - ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len); + free(buf); + ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret); } krb5_crypto_destroy(context, crypto); if(ret) { @@ -230,7 +250,14 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_get_err_text(context, ret)); return ret; } - krb5_data_copy(reply, buf + sizeof(buf) - len, len); + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } + reply->data = buf; + reply->length = buf_size; return 0; } @@ -297,6 +324,8 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client, pa.len = client->keys.len; + if(pa.len > UINT_MAX/sizeof(*pa.val)) + return ERANGE; pa.val = malloc(pa.len * sizeof(*pa.val)); if(pa.val == NULL) return ENOMEM; @@ -333,18 +362,10 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client, pa.len = n; } - len = length_ETYPE_INFO(&pa); - buf = malloc(len); - if (buf == NULL) { - free_ETYPE_INFO(&pa); - return ENOMEM; - } - ret = encode_ETYPE_INFO(buf + len - 1, len, &pa, &len); + ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret); free_ETYPE_INFO(&pa); - if(ret) { - free(buf); + if(ret) return ret; - } ret = realloc_method_data(md); if(ret) { free(buf); @@ -657,15 +678,10 @@ as_rep(KDC_REQ *req, ret = get_pa_etype_info(&method_data, client, b->etype.val, b->etype.len); /* XXX check ret */ - len = length_METHOD_DATA(&method_data); - buf = malloc(len); - encode_METHOD_DATA(buf + len - 1, - len, - &method_data, - &len); + ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); free_METHOD_DATA(&method_data); - foo_data.length = len; foo_data.data = buf; + foo_data.length = len; ret = KRB5KDC_ERR_PREAUTH_REQUIRED; krb5_mk_error(context, @@ -895,7 +911,7 @@ as_rep(KDC_REQ *req, set_salt_padata (&rep.padata, ckey->salt); ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key, - client->kvno, &ckey->key, reply); + client->kvno, &ckey->key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); free_AS_REP(&rep); @@ -1065,6 +1081,10 @@ fix_transited_encoding(TransitedEncoding *tr, return ret; } } + if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { + ret = ERANGE; + goto free_realms; + } tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); if(tmp == NULL){ ret = ENOMEM; @@ -1101,6 +1121,7 @@ tgs_make_reply(KDC_REQ_BODY *b, krb5_principal client_principal, hdb_entry *krbtgt, krb5_enctype cetype, + const char **e_text, krb5_data *reply) { KDC_REP rep; @@ -1256,7 +1277,7 @@ tgs_make_reply(KDC_REQ_BODY *b, etype list, even if we don't want a session key with DES3? */ ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey, - 0, &tgt->key, reply); + 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -1273,11 +1294,13 @@ out: static krb5_error_code tgs_check_authenticator(krb5_auth_context ac, KDC_REQ_BODY *b, + const char **e_text, krb5_keyblock *key) { krb5_authenticator auth; size_t len; - unsigned char buf[8192]; + unsigned char *buf; + size_t buf_size; krb5_error_code ret; krb5_crypto crypto; @@ -1304,15 +1327,22 @@ tgs_check_authenticator(krb5_auth_context ac, } /* XXX should not re-encode this */ - ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), - b, &len); + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); if(ret){ kdc_log(0, "Failed to encode KDC-REQ-BODY: %s", krb5_get_err_text(context, ret)); goto out; } + if(buf_size != len) { + free(buf); + kdc_log(0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + ret = KRB5KRB_ERR_GENERIC; + goto out; + } ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { + free(buf); kdc_log(0, "krb5_crypto_init failed: %s", krb5_get_err_text(context, ret)); goto out; @@ -1320,9 +1350,10 @@ tgs_check_authenticator(krb5_auth_context ac, ret = krb5_verify_checksum(context, crypto, KRB5_KU_TGS_REQ_AUTH_CKSUM, - buf + sizeof(buf) - len, + buf, len, auth->cksum); + free(buf); krb5_crypto_destroy(context, crypto); if(ret){ kdc_log(0, "Failed to verify checksum: %s", @@ -1506,7 +1537,7 @@ tgs_rep2(KDC_REQ_BODY *b, tgt = &ticket->ticket; - ret = tgs_check_authenticator(ac, b, &tgt->key); + ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key); if (b->enc_authorization_data) { krb5_keyblock *subkey; @@ -1723,6 +1754,7 @@ tgs_rep2(KDC_REQ_BODY *b, cp, krbtgt, cetype, + &e_text, reply); out: diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h index f0b7fbc..c254f6f 100644 --- a/crypto/heimdal/kpasswd/kpasswd_locl.h +++ b/crypto/heimdal/kpasswd/kpasswd_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kpasswd_locl.h,v 1.12 2001/08/22 20:30:26 assar Exp $ */ +/* $Id: kpasswd_locl.h,v 1.13 2002/09/10 20:03:48 joda Exp $ */ #ifndef __KPASSWD_LOCL_H__ #define __KPASSWD_LOCL_H__ @@ -98,11 +98,7 @@ #include <err.h> #include <roken.h> #include <getarg.h> -#ifdef HAVE_OPENSSL -#include <openssl/des.h> -#else -#include <des.h> -#endif #include <krb5.h> +#include "crypto-headers.h" /* for des_read_pw_string */ #endif /* __KPASSWD_LOCL_H__ */ diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1 index 59c2e63..f020b61 100644 --- a/crypto/heimdal/kuser/kinit.1 +++ b/crypto/heimdal/kuser/kinit.1 @@ -1,4 +1,4 @@ -.\" $Id: kinit.1,v 1.20 2002/08/28 16:09:36 joda Exp $ +.\" $Id: kinit.1,v 1.21 2002/09/13 14:50:27 joda Exp $ .\" .Dd May 29, 1998 .Dt KINIT 1 @@ -91,7 +91,7 @@ Get ticket that can be forwarded to another host. Don't ask for a password, but instead get the key from the specified keytab. .It Xo -.Fl l Ar time Ns , +.Fl l Ar time , .Fl -lifetime= Ns Ar time .Xc Specifies the lifetime of the ticket. The argument can either be in diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c index 7f61605..5ce4642 100644 --- a/crypto/heimdal/kuser/kinit.c +++ b/crypto/heimdal/kuser/kinit.c @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c,v 1.89 2002/08/21 12:21:31 joda Exp $"); +RCSID("$Id: kinit.c,v 1.90 2002/09/09 22:17:53 joda Exp $"); int forwardable_flag = -1; int proxiable_flag = -1; @@ -290,9 +290,11 @@ do_524init(krb5_context context, krb5_ccache ccache, krb5_cc_get_principal(context, ccache, &client); memset(&in_creds, 0, sizeof(in_creds)); ret = get_server(context, client, server, &in_creds.server); + krb5_free_principal(context, client); if(ret) return ret; ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds); + krb5_free_principal(context, in_creds.server); if(ret) return ret; } diff --git a/crypto/heimdal/lib/asn1/der_get.c b/crypto/heimdal/lib/asn1/der_get.c index 5edb43a..429fd66 100644 --- a/crypto/heimdal/lib/asn1/der_get.c +++ b/crypto/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.32 2002/08/22 19:11:07 assar Exp $"); +RCSID("$Id: der_get.c,v 1.33 2002/09/03 16:21:49 nectar Exp $"); #include <version.h> @@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len, p += l; len -= l; ret += l; + if (reallen > len) + return ASN1_OVERRUN; e = der_get_int (p, reallen, num, &l); if (e) return e; p += l; @@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len, p += l; len -= l; ret += l; + if (reallen > len) + return ASN1_OVERRUN; e = der_get_unsigned (p, reallen, num, &l); if (e) return e; p += l; diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c index 6d03db6..5b85a48 100644 --- a/crypto/heimdal/lib/asn1/gen.c +++ b/crypto/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.48 2002/08/26 13:27:20 assar Exp $"); +RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $"); FILE *headerfile, *codefile, *logfile; @@ -102,20 +102,29 @@ init_generate (const char *filename, const char *base) " void *data;\n" "} octet_string;\n\n"); fprintf (headerfile, -#if 0 - "typedef struct general_string {\n" - " size_t length;\n" - " char *data;\n" - "} general_string;\n\n" -#else "typedef char *general_string;\n\n" -#endif ); fprintf (headerfile, "typedef struct oid {\n" " size_t length;\n" " unsigned *components;\n" "} oid;\n\n"); + fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n" + " do { \\\n" + " (BL) = length_##T((S)); \\\n" + " (B) = malloc((BL)); \\\n" + " if((B) == NULL) { \\\n" + " (R) = ENOMEM; \\\n" + " } else { \\\n" + " (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n" + " (S), (L)); \\\n" + " if((R) != 0) { \\\n" + " free((B)); \\\n" + " (B) = NULL; \\\n" + " } \\\n" + " } \\\n" + " } while (0)\n\n", + headerfile); fprintf (headerfile, "#endif\n\n"); logfile = fopen(STEM "_files", "w"); if (logfile == NULL) diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1 index 381aaf6..53436c8 100644 --- a/crypto/heimdal/lib/asn1/k5.asn1 +++ b/crypto/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.26 2002/03/18 19:00:43 joda Exp $ +-- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -97,8 +97,7 @@ ENCTYPE ::= INTEGER { ETYPE_DES_CBC_NONE(-0x1000), ETYPE_DES3_CBC_NONE(-0x1001), ETYPE_DES_CFB64_NONE(-0x1002), - ETYPE_DES_PCBC_NONE(-0x1003), - ETYPE_DES3_CBC_NONE_IVEC(-0x1004) + ETYPE_DES_PCBC_NONE(-0x1003) } -- this is sugar to make something ASN1 does not have: unsigned diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c index eeb2d25..68446c3 100644 --- a/crypto/heimdal/lib/auth/pam/pam.c +++ b/crypto/heimdal/lib/auth/pam/pam.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include<config.h> -RCSID("$Id: pam.c,v 1.27 2001/02/15 04:30:05 assar Exp $"); +RCSID("$Id: pam.c,v 1.28 2002/09/09 15:57:24 joda Exp $"); #endif #include <stdio.h> @@ -128,7 +128,7 @@ pdeb(const char *format, ...) if (ctrl_off(KRB4_DEBUG)) return; va_start(args, format); - openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH); + openlog("pam_krb4", LOG_PID, LOG_AUTH); vsyslog(LOG_DEBUG, format, args); va_end(args); closelog(); diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog index a369cf8..cd9d9c1 100644 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ b/crypto/heimdal/lib/gssapi/ChangeLog @@ -1,3 +1,13 @@ +2002-09-03 Johan Danielsson <joda@pdc.kth.se> + + * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE + + * unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE + +2002-09-02 Johan Danielsson <joda@pdc.kth.se> + + * init_sec_context.c: we need to generate a local subkey here + 2002-08-20 Jacques Vidrine <n@nectar.com> * acquire_cred.c, inquire_cred.c, release_cred.c: Use default diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c index 1be73e1..2cef3a9 100644 --- a/crypto/heimdal/lib/gssapi/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $"); +RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -367,6 +367,16 @@ init_auth } #endif + kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); + if(kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + kret = krb5_build_authenticator (gssapi_krb5_context, (*context_handle)->auth_context, enctype, diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c index e5e9695..5acb2e9 100644 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ b/crypto/heimdal/lib/gssapi/unwrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: unwrap.c,v 1.20 2002/05/20 15:14:00 nectar Exp $"); +RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $"); OM_uint32 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, @@ -296,7 +296,7 @@ unwrap_des3 p -= 28; ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE_IVEC, &crypto); + ETYPE_DES3_CBC_NONE, &crypto); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c index 4e232c5..1a9d7ea 100644 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ b/crypto/heimdal/lib/gssapi/wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $"); +RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $"); OM_uint32 gss_krb5_get_localkey(const gss_ctx_id_t context_handle, @@ -330,7 +330,7 @@ wrap_des3 4); - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, + ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { free (output_message_buffer->value); diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c index 73bddf2..9375525 100644 --- a/crypto/heimdal/lib/hdb/common.c +++ b/crypto/heimdal/lib/hdb/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,35 +33,21 @@ #include "hdb_locl.h" -RCSID("$Id: common.c,v 1.10 2001/07/13 06:30:41 assar Exp $"); +RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $"); int hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key) { Principal new; size_t len; - unsigned char *buf; int ret; ret = copy_Principal(p, &new); - if(ret) - goto out; + if(ret) + return ret; new.name.name_type = 0; - len = length_Principal(&new); - buf = malloc(len); - if(buf == NULL){ - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - ret = encode_Principal(buf + len - 1, len, &new, &len); - if(ret){ - free(buf); - goto out; - } - key->data = buf; - key->length = len; -out: + + ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret); free_Principal(&new); return ret; } @@ -75,24 +61,11 @@ hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p) int hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value) { - unsigned char *buf; size_t len; int ret; - - len = length_hdb_entry(ent); - buf = malloc(len); - if(buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_hdb_entry(buf + len - 1, len, ent, &len); - if(ret){ - free(buf); - return ret; - } - value->data = buf; - value->length = len; - return 0; + + ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret); + return ret; } int diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c index a92285c..8e90798 100644 --- a/crypto/heimdal/lib/hdb/hdb-ldap.c +++ b/crypto/heimdal/lib/hdb/hdb-ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001, PADL Software Pty Ltd. + * Copyright (c) 1999-2001, PADL Software Pty Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -32,7 +32,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb-ldap.c,v 1.9 2001/08/31 18:19:49 joda Exp $"); +RCSID("$Id: hdb-ldap.c,v 1.10 2002/09/04 18:42:22 joda Exp $"); #ifdef OPENLDAP @@ -451,29 +451,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent, for (i = 0; i < ent->keys.len; i++) { unsigned char *buf; size_t len; - Key new; - ret = copy_Key(&ent->keys.val[i], &new); - if (ret != 0) { - goto out; - } - - len = length_Key(&new); - buf = malloc(len); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - free_Key(&new); + ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret); + if (ret != 0) goto out; - } - - ret = encode_Key(buf + len - 1, len, &new, &len); - if (ret != 0) { - free(buf); - free_Key(&new); - goto out; - } - free_Key(&new); /* addmod_len _owns_ the key, doesn't need to copy it */ ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len); diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index e88a28e..ae75808 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ +# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -13,7 +13,8 @@ TESTS = \ string-to-key-test \ derived-key-test \ store-test \ - parse-name-test + parse-name-test \ + name-45-test check_PROGRAMS = $(TESTS) @@ -133,10 +134,10 @@ libkrb5_la_LDFLAGS = -version-info 18:3:1 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h -$(srcdir)/krb5-protos.h: $(ERR_FILES) +$(srcdir)/krb5-protos.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h -$(srcdir)/krb5-private.h: $(ERR_FILES) +$(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 7126546..80ce39f 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ +# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -211,7 +211,8 @@ TESTS = \ string-to-key-test \ derived-key-test \ store-test \ - parse-name-test + parse-name-test \ + name-45-test check_PROGRAMS = $(TESTS) @@ -406,7 +407,7 @@ libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) bin_PROGRAMS = verify_krb5_conf$(EXEEXT) check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ derived-key-test$(EXEEXT) store-test$(EXEEXT) \ - parse-name-test$(EXEEXT) + parse-name-test$(EXEEXT) name-45-test$(EXEEXT) noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ krbhst-test$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) @@ -435,6 +436,12 @@ n_fold_test_LDADD = $(LDADD) n_fold_test_DEPENDENCIES = libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la n_fold_test_LDFLAGS = +name_45_test_SOURCES = name-45-test.c +name_45_test_OBJECTS = name-45-test.$(OBJEXT) +name_45_test_LDADD = $(LDADD) +name_45_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +name_45_test_LDFLAGS = parse_name_test_SOURCES = parse-name-test.c parse_name_test_OBJECTS = parse-name-test.$(OBJEXT) parse_name_test_LDADD = $(LDADD) @@ -481,13 +488,14 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ - krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \ - string-to-key-test.c test_get_addrs.c verify_krb5_conf.c + krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \ + store-test.c string-to-key-test.c test_get_addrs.c \ + verify_krb5_conf.c MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in -SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c +SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c all: all-am @@ -583,6 +591,9 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) @rm -f n-fold-test$(EXEEXT) $(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS) +name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) + @rm -f name-45-test$(EXEEXT) + $(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS) parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) @rm -f parse-name-test$(EXEEXT) $(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS) @@ -1121,10 +1132,10 @@ install-data-local: install-cat-mans $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h -$(srcdir)/krb5-protos.h: $(ERR_FILES) +$(srcdir)/krb5-protos.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h -$(srcdir)/krb5-private.h: $(ERR_FILES) +$(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h $(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c index 3b42ce7..2e7a8f4 100644 --- a/crypto/heimdal/lib/krb5/auth_context.c +++ b/crypto/heimdal/lib/krb5/auth_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $"); +RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $"); krb5_error_code krb5_auth_con_init(krb5_context context, @@ -292,6 +292,24 @@ krb5_auth_con_setlocalsubkey(krb5_context context, } krb5_error_code +krb5_auth_con_generatelocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_keyblock *subkey; + + ret = krb5_generate_subkey (context, key, &subkey); + if(ret) + return ret; + if(auth_context->local_subkey) + krb5_free_keyblock(context, auth_context->local_subkey); + auth_context->local_subkey = subkey; + return 0; +} + + +krb5_error_code krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c index e4f7d4e..cab5e6f 100644 --- a/crypto/heimdal/lib/krb5/build_ap_req.c +++ b/crypto/heimdal/lib/krb5/build_ap_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_build_ap_req (krb5_context context, @@ -66,15 +66,10 @@ krb5_build_ap_req (krb5_context context, ap.authenticator.kvno = NULL; ap.authenticator.cipher = authenticator; - retdata->length = length_AP_REQ(&ap); - retdata->data = malloc(retdata->length); - if(retdata->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - } else - encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1, - retdata->length, &ap, &len); + ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length, + &ap, &len, ret); + free_AP_REQ(&ap); - return ret; + } diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c index b1650fd..9a2ca3e 100644 --- a/crypto/heimdal/lib/krb5/build_auth.c +++ b/crypto/heimdal/lib/krb5/build_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_build_authenticator (krb5_context context, @@ -74,13 +74,6 @@ krb5_build_authenticator (krb5_context context, if(ret) goto fail; - if(auth->subkey == NULL) { - krb5_generate_subkey (context, &cred->session, &auth->subkey); - ret = krb5_auth_con_setlocalsubkey(context, auth_context, auth->subkey); - if(ret) - goto fail; - } - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { krb5_generate_seq_number (context, &cred->session, @@ -99,36 +92,10 @@ krb5_build_authenticator (krb5_context context, auth_context->authenticator->cusec = auth->cusec; } - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } + ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); - do { - ret = krb5_encode_Authenticator (context, - buf + buf_size - 1, - buf_size, - auth, &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + if (ret) + goto fail; ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); if (ret) diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index e930d87..f765a97 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $"); +RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $"); static krb5_error_code send_request (krb5_context context, @@ -57,7 +57,7 @@ send_request (krb5_context context, ret = krb5_mk_req_extended (context, auth_context, - AP_OPTS_MUTUAL_REQUIRED, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, NULL, /* in_data */ creds, &ap_req_data); @@ -144,7 +144,7 @@ process_reply (krb5_context context, u_char reply[BUFSIZ]; size_t len; u_int16_t pkt_len, pkt_ver; - krb5_data ap_rep_data; + krb5_data ap_rep_data, priv_data; int save_errno; ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); @@ -173,10 +173,13 @@ process_reply (krb5_context context, ap_rep_data.data = reply + 6; ap_rep_data.length = (reply[4] << 8) | (reply[5]); + priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; + priv_data.length = len - ap_rep_data.length - 6; + if ((u_char *)priv_data.data + priv_data.length >= reply + len) + return KRB5_KPASSWD_MALFORMED; if (ap_rep_data.length) { krb5_ap_rep_enc_part *ap_rep; - krb5_data priv_data; u_char *p; ret = krb5_rd_rep (context, @@ -188,9 +191,6 @@ process_reply (krb5_context context, krb5_free_ap_rep_enc_part (context, ap_rep); - priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; - priv_data.length = len - ap_rep_data.length - 6; - ret = krb5_rd_priv (context, auth_context, &priv_data, diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c index 77920a8..845b14c 100644 --- a/crypto/heimdal/lib/krb5/config_file.c +++ b/crypto/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.45 2002/08/14 17:35:03 joda Exp $"); +RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $"); #ifndef HAVE_NETINFO @@ -341,7 +341,7 @@ vget_next(krb5_context context, { const char *p = va_arg(args, const char *); while(b != NULL) { - if(strcmp(b->name, name) == NULL) { + if(strcmp(b->name, name) == 0) { if(b->type == type && p == NULL) { *pointer = b; return b->u.generic; diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index d21ea71..75fe347 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <com_err.h> -RCSID("$Id: context.c,v 1.80 2002/08/28 15:27:24 joda Exp $"); +RCSID("$Id: context.c,v 1.81 2002/09/02 17:03:12 joda Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -173,14 +173,9 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); - INIT_FIELD(context, bool, srv_lookup, TRUE, "dns_lookup_kdc"); - /* srv_lookup backwards compatibility. */ - { - const char **p; - p = krb5_config_get_strings(context, NULL, "libdefaults", "srv_lookup", NULL); - if (p != NULL) - INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); - } + /* prefer dns_lookup_kdc over srv_lookup. */ + INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); + INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); return 0; } diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c index 256234b..7aa61a3 100644 --- a/crypto/heimdal/lib/krb5/get_cred.c +++ b/crypto/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c,v 1.88 2002/03/10 23:11:29 assar Exp $"); +RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -54,36 +54,14 @@ make_pa_tgs_req(krb5_context context, krb5_data in_data; krb5_error_code ret; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - do { - ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size, - body, &len); - if (ret){ - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); + if (ret) + goto out; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); in_data.length = len; - in_data.data = buf + buf_size - len; + in_data.data = buf; ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds, &padata->padata_value, KRB5_KU_TGS_REQ_AUTH_CKSUM, @@ -113,18 +91,9 @@ set_auth_data (krb5_context context, krb5_crypto crypto; krb5_error_code ret; - len = length_AuthorizationData(authdata); - buf = malloc(len); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_AuthorizationData(buf + len - 1, - len, authdata, &len); - if (ret) { - free (buf); + ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret); + if (ret) return ret; - } ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { @@ -173,16 +142,19 @@ init_tgs_req (krb5_context context, TGS_REQ *t, krb5_key_usage usage) { - krb5_error_code ret; + krb5_error_code ret = 0; memset(t, 0, sizeof(*t)); t->pvno = 5; t->msg_type = krb_tgs_req; if (in_creds->session.keytype) { - ret = krb5_keytype_to_enctypes_default (context, - in_creds->session.keytype, - &t->req_body.etype.len, - &t->req_body.etype.val); + ALLOC_SEQ(&t->req_body.etype, 1); + if(t->req_body.etype.val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + t->req_body.etype.val[0] = in_creds->session.keytype; } else { ret = krb5_init_etype(context, &t->req_body.etype.len, @@ -431,34 +403,11 @@ get_cred_kdc_usage(krb5_context context, if (ret) goto out; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; + ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret); + if (ret) goto out; - } - - do { - ret = encode_TGS_REQ (buf + buf_size - 1, buf_size, - &req, &enc.length); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); + if(enc.length != buf_size) + krb5_abortx(context, "internal error in ASN.1 encoder"); /* don't free addresses */ req.req_body.addresses = NULL; diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c index 53a3f2b..2bec9f7 100644 --- a/crypto/heimdal/lib/krb5/get_for_creds.c +++ b/crypto/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.32 2002/03/10 23:12:23 assar Exp $"); +RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -162,12 +162,14 @@ krb5_get_forwarded_creds (krb5_context context, KrbCredInfo *krb_cred_info; EncKrbCredPart enc_krb_cred_part; size_t len; - u_char buf[1024]; + unsigned char *buf; + size_t buf_size; int32_t sec, usec; krb5_kdc_flags kdc_flags; krb5_crypto crypto; struct addrinfo *ai; int save_errno; + krb5_keyblock *key; addrs.len = 0; addrs.val = NULL; @@ -319,45 +321,51 @@ krb5_get_forwarded_creds (krb5_context context, /* encode EncKrbCredPart */ - ret = krb5_encode_EncKrbCredPart (context, - buf + sizeof(buf) - 1, sizeof(buf), - &enc_krb_cred_part, &len); + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + &enc_krb_cred_part, &len, ret); free_EncKrbCredPart (&enc_krb_cred_part); if (ret) { free_KRB_CRED(&cred); return ret; - } + } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + if (auth_context->local_subkey) + key = auth_context->local_subkey; + else if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else + key = auth_context->keyblock; - ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { + free(buf); free_KRB_CRED(&cred); return ret; } ret = krb5_encrypt_EncryptedData (context, crypto, KRB5_KU_KRB_CRED, - buf + sizeof(buf) - len, + buf, len, 0, &cred.enc_part); + free(buf); krb5_crypto_destroy(context, crypto); if (ret) { free_KRB_CRED(&cred); return ret; } - ret = encode_KRB_CRED (buf + sizeof(buf) - 1, sizeof(buf), - &cred, &len); + ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret); free_KRB_CRED (&cred); if (ret) return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); out_data->length = len; - out_data->data = malloc(len); - if (out_data->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy (out_data->data, buf + sizeof(buf) - len, len); + out_data->data = buf; return 0; out4: free_EncKrbCredPart(&enc_krb_cred_part); diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index 04587ea..74a0204 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.104 2002/04/18 09:11:39 joda Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_init_etype (krb5_context context, @@ -158,22 +158,12 @@ _krb5_extract_ticket(krb5_context context, creds->client = tmp_principal; /* extract ticket */ - { - unsigned char *buf; - size_t len; - len = length_Ticket(&rep->kdc_rep.ticket); - buf = malloc(len); - if(buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - encode_Ticket(buf + len - 1, len, &rep->kdc_rep.ticket, &len); - creds->ticket.data = buf; - creds->ticket.length = len; - creds->second_ticket.length = 0; - creds->second_ticket.data = NULL; - } + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &rep->kdc_rep.ticket, &creds->ticket.length, ret); + if(ret) + goto out; + creds->second_ticket.length = 0; + creds->second_ticket.data = NULL; /* compare server */ @@ -223,7 +213,8 @@ _krb5_extract_ticket(krb5_context context, /* set kdc-offset */ krb5_timeofday (context, &sec_now); - if (context->kdc_sec_offset == 0 + if (rep->enc_part.flags.initial + && context->kdc_sec_offset == 0 && krb5_config_get_bool (context, NULL, "libdefaults", "kdc_timesync", @@ -314,7 +305,8 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; - u_char buf[1024]; + unsigned char *buf; + size_t buf_size; size_t len; EncryptedData encdata; krb5_error_code ret; @@ -327,39 +319,37 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, usec2 = usec; p.pausec = &usec2; - ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1, - sizeof(buf), - &p, - &len); + ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret); if (ret) return ret; - + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) + if (ret) { + free(buf); return ret; + } ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, - buf + sizeof(buf) - len, + buf, len, 0, &encdata); + free(buf); krb5_crypto_destroy(context, crypto); if (ret) return ret; - ret = encode_EncryptedData(buf + sizeof(buf) - 1, - sizeof(buf), - &encdata, - &len); + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; - pa->padata_value.length = 0; - krb5_data_copy(&pa->padata_value, - buf + sizeof(buf) - len, - len); + pa->padata_value.length = len; + pa->padata_value.data = buf; return 0; } @@ -656,7 +646,7 @@ krb5_get_in_cred(krb5_context context, AS_REQ a; krb5_kdc_rep rep; krb5_data req, resp; - char buf[BUFSIZ]; + size_t len; krb5_salt salt; krb5_keyblock *key; size_t size; @@ -692,17 +682,15 @@ krb5_get_in_cred(krb5_context context, if (ret) return ret; - ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, - sizeof(buf), - &a, - &req.length); + ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret); free_AS_REQ(&a); if (ret) return ret; - - req.data = buf + sizeof(buf) - req.length; + if(len != req.length) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); + krb5_data_free(&req); if (ret) return ret; diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 7dd0cd9..e4c4eb6 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.13 2002/04/18 14:04:21 joda Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.14 2002/09/09 14:22:26 nectar Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -297,7 +297,7 @@ akf_add_entry(krb5_context context, fd = open (d->filename, O_RDWR | O_BINARY); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); if (fd < 0) { ret = errno; krb5_set_error_string(context, "open(%s): %s", d->filename, diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 30ebf50..91a28f1 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -194,6 +194,12 @@ krb5_auth_con_genaddrs ( int /*flags*/); krb5_error_code +krb5_auth_con_generatelocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_auth_con_getaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -806,6 +812,12 @@ krb5_crypto_destroy ( krb5_crypto /*crypto*/); krb5_error_code +krb5_crypto_getblocksize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*blocksize*/); + +krb5_error_code krb5_crypto_init ( krb5_context /*context*/, const krb5_keyblock */*key*/, diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index c50833e..cb035bc 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */ +/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -99,7 +99,6 @@ enum { ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, - ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC }; typedef PADATA_TYPE krb5_preauthtype; @@ -208,7 +207,8 @@ typedef enum krb5_address_type { enum { AP_OPTS_USE_SESSION_KEY = 1, - AP_OPTS_MUTUAL_REQUIRED = 2 + AP_OPTS_MUTUAL_REQUIRED = 2, + AP_OPTS_USE_SUBKEY = 4 /* library internal */ }; typedef HostAddress krb5_address; diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 750bb75..f82ec7a 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $ +.\" $Id: krb5_appdefault.3,v 1.8 2002/09/13 14:49:31 joda Exp $ .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 .Os HEIMDAL @@ -19,7 +19,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Ft void .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" .Sh DESCRIPTION -These functions get application application defaults from the +These functions get application defaults from the .Dv appdefaults section of the .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index afc81e8..2afaec5 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_auth_context.3,v 1.4 2002/08/28 14:46:20 joda Exp $ +.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_AUTH_CONTEXT 3 .Os HEIMDAL @@ -34,7 +34,7 @@ .Nm krb5_auth_con_setrcache , .Nm krb5_auth_con_initivector , .Nm krb5_auth_con_setivector -.Nd manage authetication on connection level +.Nd manage authentication on connection level .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3 index 6794f5a..a90ab72 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_context.3,v 1.3 2002/08/28 15:30:48 joda Exp $ +.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -10,8 +10,8 @@ The .Nm structure is designed to hold all per thread state. All global -variables that are context specific are stored in this struture, -including default encryption types, credential-cache (ticket file), and +variables that are context specific are stored in this structure, +including default encryption types, credentials-cache (ticket file), and default realms. .Pp The internals of the structure should never be accessed directly, diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3 index e59b0d0..8a1141a 100644 --- a/crypto/heimdal/lib/krb5/krb5_init_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_init_context.3,v 1.5 2002/08/28 15:30:53 joda Exp $ +.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -20,7 +20,7 @@ The .Fn krb5_init_context function initializes the .Fa context -structure and reads the configration file +structure and reads the configuration file .Pa /etc/krb5.conf . .Pp The structure should be freed by calling diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index 1491117..285c4e2 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_parse_name.3,v 1.5 2002/08/28 15:30:55 joda Exp $ +.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd August 8, 1997 .Dt KRB5_PARSE_NAME 3 .Os HEIMDAL @@ -14,7 +14,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Sh DESCRIPTION .Fn krb5_parse_name -converts a string representation of a princpal name to +converts a string representation of a principal name to .Nm krb5_principal . The .Fa principal diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 index 0eee63b..e58b911 100644 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_unparse_name.3,v 1.5 2002/08/28 15:30:57 joda Exp $ +.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd August 8, 1997 .Dt KRB5_UNPARSE_NAME 3 .Os HEIMDAL @@ -18,7 +18,8 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Sh DESCRIPTION This function takes a .Fa principal , -and will convert in to a printable representation with the same syntax as decribed in +and will convert in to a printable representation with the same syntax +as described in .Xr krb5_parse_name 3 . .Fa *name will point to allocated data and should be freed by the caller. diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c index ae8ddec..17770c1 100644 --- a/crypto/heimdal/lib/krb5/kuserok.c +++ b/crypto/heimdal/lib/krb5/kuserok.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: kuserok.c,v 1.5 1999/12/02 17:05:11 joda Exp $"); +RCSID("$Id: kuserok.c,v 1.6 2002/09/16 17:32:11 nectar Exp $"); /* * Return TRUE iff `principal' is allowed to login as `luser'. @@ -88,9 +88,7 @@ krb5_kuserok (krb5_context context, while (fgets (buf, sizeof(buf), f) != NULL) { krb5_principal tmp; - if(buf[strlen(buf) - 1] == '\n') - buf[strlen(buf) - 1] = '\0'; - + buf[strcspn(buf, "\n")] = '\0'; ret = krb5_parse_name (context, buf, &tmp); if (ret) { fclose (f); diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c index ecdb753..bd7451b 100644 --- a/crypto/heimdal/lib/krb5/log.c +++ b/crypto/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.30 2002/08/20 09:49:09 joda Exp $"); +RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $"); struct facility { int min; @@ -382,24 +382,33 @@ krb5_vlog_msg(krb5_context context, va_list ap) __attribute__((format (printf, 5, 0))) { - char *msg; - const char *actual; + + char *msg = NULL; + const char *actual = NULL; char buf[64]; - time_t t; + time_t t = 0; int i; - vasprintf(&msg, fmt, ap); - if (msg != NULL) - actual = msg; - else - actual = fmt; - t = time(NULL); - krb5_format_time(context, t, buf, sizeof(buf), TRUE); - for(i = 0; i < fac->len; i++) + for(i = 0; fac && i < fac->len; i++) if(fac->val[i].min <= level && - (fac->val[i].max < 0 || fac->val[i].max >= level)) + (fac->val[i].max < 0 || fac->val[i].max >= level)) { + if(t == 0) { + t = time(NULL); + krb5_format_time(context, t, buf, sizeof(buf), TRUE); + } + if(actual == NULL) { + vasprintf(&msg, fmt, ap); + if(msg == NULL) + actual = fmt; + else + actual = msg; + } (*fac->val[i].log)(buf, actual, fac->val[i].data); - *reply = msg; + } + if(reply == NULL) + free(msg); + else + *reply = msg; return 0; } @@ -411,12 +420,7 @@ krb5_vlog(krb5_context context, va_list ap) __attribute__((format (printf, 4, 0))) { - char *msg; - krb5_error_code ret; - - ret = krb5_vlog_msg(context, fac, &msg, level, fmt, ap); - free(msg); - return ret; + return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c index 249f478..ae9e10a 100644 --- a/crypto/heimdal/lib/krb5/mk_error.c +++ b/crypto/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c,v 1.17 2002/03/27 09:29:43 joda Exp $"); +RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_mk_error(krb5_context context, @@ -47,8 +47,6 @@ krb5_mk_error(krb5_context context, krb5_data *reply) { KRB_ERROR msg; - u_char *buf; - size_t buf_size; int32_t sec, usec; size_t len; krb5_error_code ret = 0; @@ -84,45 +82,10 @@ krb5_mk_error(krb5_context context, msg.cname = &client->name; } - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - do { - ret = encode_KRB_ERROR(buf + buf_size - 1, - buf_size, - &msg, - &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); - - reply->length = len; - reply->data = malloc(len); - if (reply->data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - memcpy (reply->data, buf + buf_size - len, len); -out: - free (buf); - return ret; + ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret); + if (ret) + return ret; + if(reply->length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + return 0; } diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c index 3f49a41..b89f7e9 100644 --- a/crypto/heimdal/lib/krb5/mk_priv.c +++ b/crypto/heimdal/lib/krb5/mk_priv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,9 @@ #include <krb5_locl.h> -RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $"); - -/* - * - */ +RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $"); + krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, @@ -83,35 +80,11 @@ krb5_mk_priv(krb5_context context, part.s_address = auth_context->local_address; part.r_address = auth_context->remote_address; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - krb5_data_zero (&s.enc_part.cipher); - do { - ret = encode_EncKrbPrivPart (buf + buf_size - 1, buf_size, - &part, &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret); + if (ret) + goto fail; s.pvno = 5; s.msg_type = krb_priv; @@ -134,37 +107,21 @@ krb5_mk_priv(krb5_context context, free(buf); return ret; } + free(buf); + - do { - ret = encode_KRB_PRIV (buf + buf_size - 1, buf_size, &s, &len); - - if (ret){ - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); + + if(ret) + goto fail; krb5_data_free (&s.enc_part.cipher); - outbuf->length = len; - outbuf->data = malloc (len); - if (outbuf->data == NULL) { + ret = krb5_data_copy(outbuf, buf + buf_size - len, len); + if (ret) { krb5_set_error_string (context, "malloc: out of memory"); free(buf); return ENOMEM; } - memcpy (outbuf->data, buf + buf_size - len, len); free (buf); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->local_seqnumber = diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c index fc6b4f2..b955555 100644 --- a/crypto/heimdal/lib/krb5/mk_rep.c +++ b/crypto/heimdal/lib/krb5/mk_rep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_mk_rep(krb5_context context, @@ -72,21 +72,10 @@ krb5_mk_rep(krb5_context context, ap.enc_part.etype = auth_context->keyblock->keytype; ap.enc_part.kvno = NULL; - buf_size = length_EncAPRepPart(&body); - buf = malloc (buf_size); - if (buf == NULL) { - free_EncAPRepPart (&body); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - ret = krb5_encode_EncAPRepPart (context, - buf + buf_size - 1, - buf_size, - &body, - &len); - + ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); free_EncAPRepPart (&body); + if(ret) + return ret; ret = krb5_crypto_init(context, auth_context->keyblock, 0 /* ap.enc_part.etype */, &crypto); if (ret) { @@ -105,20 +94,7 @@ krb5_mk_rep(krb5_context context, return ret; } - buf_size = length_AP_REP(&ap); - buf = realloc(buf, buf_size); - if(buf == NULL) { - free_AP_REP (&ap); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len); - + ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); free_AP_REP (&ap); - - if(len != buf_size) - krb5_abortx(context, "krb5_mk_rep: encoded length != calculated length"); - outbuf->data = buf; - outbuf->length = len; - return 0; + return ret; } diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c index 5ab7a1c..aa5e3c4 100644 --- a/crypto/heimdal/lib/krb5/mk_req_ext.c +++ b/crypto/heimdal/lib/krb5/mk_req_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $"); +RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $"); krb5_error_code krb5_mk_req_internal(krb5_context context, @@ -62,6 +62,12 @@ krb5_mk_req_internal(krb5_context context, if(ret) return ret; + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { + ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session); + if(ret) + return ret; + } + #if 0 { /* This is somewhat bogus since we're possibly overwriting a diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c index 114aa8e..a839df4 100644 --- a/crypto/heimdal/lib/krb5/mk_safe.c +++ b/crypto/heimdal/lib/krb5/mk_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $"); +RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_mk_safe(krb5_context context, @@ -48,7 +48,6 @@ krb5_mk_safe(krb5_context context, KerberosTime sec2; int usec2; u_char *buf = NULL; - void *tmp; size_t buf_size; size_t len; u_int32_t tmp_seq; @@ -85,17 +84,11 @@ krb5_mk_safe(krb5_context context, s.cksum.checksum.data = NULL; s.cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(&s); - buf = malloc(buf_size + 128); /* add some for checksum */ - if(buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); - if (ret) { - free (buf); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); + if (ret) return ret; - } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free (buf); @@ -105,7 +98,7 @@ krb5_mk_safe(krb5_context context, crypto, KRB5_KU_KRB_SAFE_CKSUM, 0, - buf + buf_size - len, + buf, len, &s.cksum); krb5_crypto_destroy(context, crypto); @@ -114,27 +107,16 @@ krb5_mk_safe(krb5_context context, return ret; } - buf_size = length_KRB_SAFE(&s); - tmp = realloc(buf, buf_size); - if(tmp == NULL) { - free(buf); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - buf = tmp; - - ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); + free(buf); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); free_Checksum (&s.cksum); + if(ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); outbuf->length = len; - outbuf->data = malloc (len); - if (outbuf->data == NULL) { - free (buf); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memcpy (outbuf->data, buf + buf_size - len, len); - free (buf); + outbuf->data = buf; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->local_seqnumber = (auth_context->local_seqnumber + 1) & 0xFFFFFFFF; diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c new file mode 100644 index 0000000..373586e --- /dev/null +++ b/crypto/heimdal/lib/krb5/name-45-test.c @@ -0,0 +1,277 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" + +RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $"); + +enum { MAX_COMPONENTS = 3 }; + +static struct testcase { + const char *v4_name; + const char *v4_inst; + const char *v4_realm; + + krb5_realm v5_realm; + unsigned ncomponents; + char *comp_val[MAX_COMPONENTS]; + + const char *config_file; + krb5_error_code ret; /* expected error code from 524 */ + + krb5_error_code ret2; /* expected error code from 425 */ +} tests[] = { + {"", "", "", "", 1, {""}, NULL, 0, 0}, + {"a", "", "", "", 1, {"a"}, NULL, 0, 0}, + {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0}, + {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0}, + + {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2, + {"krbtgt", "FOO.SE"}, NULL, 0, 0}, + + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo", "bar"}, NULL, 0, 0}, + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo", "bar"}, + "[libdefaults]\n" + " v4_name_convert = {\n" + " host = {\n" + " foo = foo5\n" + " }\n" + "}\n", + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo5", "bar.baz"}, + "[realms]\n" + " BAZ = {\n" + " v4_name_convert = {\n" + " host = {\n" + " foo = foo5\n" + " }\n" + " }\n" + " v4_instance_convert = {\n" + " bar = bar.baz\n" + " }\n" + " }\n", + 0, 0}, + + {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL, + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"}, + "[realms]\n" + " realm = {\n" + " v4_instance_convert = {\n" + " foo = foo.realm\n" + " }\n" + " }\n", + 0, 0}, + + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, + "[realms]\n" + " NADA.KTH.SE = {\n" + " default_domain = nada.kth.se\n" + " }\n", + 0, 0}, + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, + "[libdefaults]\n" + " v4_instance_resolve = true\n", + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + + {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "ratatosk.pdc.kth.se"}, + "[libdefaults]\n" + " v4_instance_resolve = true\n" + "[realms]\n" + " NADA.KTH.SE = {\n" + " v4_name_convert = {\n" + " host = {\n" + " rcmd = host\n" + " }\n" + " }\n" + " default_domain = pdc.kth.se\n" + " }\n", + 0, 0}, + + {"0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + 2, {"0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789"}, NULL, + 0, KRB5_PARSE_MALFORMED}, + + {"012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + 2, {"012345678901234567890123456789012345678", + "012345678901234567890123456789012345678"}, NULL, + 0, 0}, + + {NULL, NULL, NULL, NULL, 0, {}, NULL, 0} +}; + +int +main(int argc, char **argv) +{ + struct testcase *t; + krb5_context context; + krb5_error_code ret; + int val = 0; + + for (t = tests; t->v4_name; ++t) { + krb5_principal princ; + int i; + char name[40], inst[40], realm[40]; + char printable_princ[256]; + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + if (t->config_file != NULL) { + char template[] = "/tmp/krb5-conf-XXXXXX"; + int fd = mkstemp(template); + char *files[2]; + + if (fd < 0) + krb5_err (context, 1, errno, "mkstemp %s", template); + + if (write (fd, t->config_file, strlen(t->config_file)) + != strlen(t->config_file)) + krb5_err (context, 1, errno, "write %s", template); + close (fd); + files[0] = template; + files[1] = NULL; + + ret = krb5_set_config_files (context, files); + unlink (template); + if (ret) + krb5_err (context, 1, ret, "krb5_set_config_files"); + } + + ret = krb5_425_conv_principal (context, + t->v4_name, + t->v4_inst, + t->v4_realm, + &princ); + if (ret) { + if (ret != t->ret) { + krb5_warn (context, ret, + "krb5_425_conv_principal %s.%s@%s", + t->v4_name, t->v4_inst, t->v4_realm); + val = 1; + } + } else { + if (t->ret) { + krb5_warnx (context, + "krb5_425_conv_principal %s.%s@%s " + "passed unexpected", + t->v4_name, t->v4_inst, t->v4_realm); + val = 1; + continue; + } + } + + if (ret) + continue; + + if (strcmp (t->v5_realm, princ->realm) != 0) { + printf ("wrong realm (\"%s\" should be \"%s\")" + " for \"%s.%s@%s\"\n", + princ->realm, t->v5_realm, + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } + + if (t->ncomponents != princ->name.name_string.len) { + printf ("wrong number of components (%u should be %u)" + " for \"%s.%s@%s\"\n", + princ->name.name_string.len, t->ncomponents, + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } else { + for (i = 0; i < t->ncomponents; ++i) { + if (strcmp(t->comp_val[i], + princ->name.name_string.val[i]) != 0) { + printf ("bad component %d (\"%s\" should be \"%s\")" + " for \"%s.%s@%s\"\n", + i, + princ->name.name_string.val[i], + t->comp_val[i], + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } + } + } + ret = krb5_524_conv_principal (context, princ, + name, inst, realm); + if (krb5_unparse_name_fixed(context, princ, + printable_princ, sizeof(printable_princ))) + strlcpy(printable_princ, "unknown principal", + sizeof(printable_princ)); + if (ret) { + if (ret != t->ret2) { + krb5_warn (context, ret, + "krb5_524_conv_principal %s", printable_princ); + val = 1; + } + } else { + if (t->ret2) { + krb5_warnx (context, + "krb5_524_conv_principal %s " + "passed unexpected", printable_princ); + val = 1; + continue; + } + } + if (ret) { + krb5_free_principal (context, princ); + continue; + } + + krb5_free_principal (context, princ); + } + return val; +} diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c index 4b9c573..4aea3a4 100644 --- a/crypto/heimdal/lib/krb5/prompter_posix.c +++ b/crypto/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $"); +RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $"); int krb5_prompter_posix (krb5_context context, @@ -65,8 +65,7 @@ krb5_prompter_posix (krb5_context context, prompts[i].reply->length, stdin) == NULL) return 1; - if(s[strlen(s) - 1] == '\n') - s[strlen(s) - 1] = '\0'; + s[strcspn(s, "\n")] = '\0'; } } return 0; diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index 401770b..4a7d74c 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $"); +RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_rd_cred(krb5_context context, @@ -214,7 +214,6 @@ krb5_rd_cred(krb5_context context, for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) { KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i]; krb5_creds *creds; - u_char buf[1024]; size_t len; creds = calloc(1, sizeof(*creds)); @@ -224,12 +223,12 @@ krb5_rd_cred(krb5_context context, goto out; } - ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf), - &cred.tickets.val[i], - &len); + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &cred.tickets.val[i], &len, ret); if (ret) goto out; - krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len); + if(creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); if (kci->prealm && kci->pname) principalname2krb5_principal (&creds->client, diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index 71271c6..bbba237 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $"); static krb5_error_code verify_checksum(krb5_context context, @@ -53,19 +53,11 @@ verify_checksum(krb5_context context, safe->cksum.checksum.data = NULL; safe->cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(safe); - buf = malloc(buf_size); - - if (buf == NULL) { - ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); - goto out; - } - - ret = encode_KRB_SAFE (buf + buf_size - 1, - buf_size, - safe, - &len); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret); + if(ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); if (auth_context->remote_subkey) key = auth_context->remote_subkey; diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c index 8f2c544..c2889ee 100644 --- a/crypto/heimdal/lib/krb5/sendauth.c +++ b/crypto/heimdal/lib/krb5/sendauth.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $"); /* * The format seems to be: @@ -86,6 +86,7 @@ krb5_sendauth(krb5_context context, krb5_principal this_client = NULL; krb5_creds *creds; ssize_t sret; + krb5_boolean my_ccache = FALSE; len = strlen(version) + 1; net_len = htonl(len); @@ -125,12 +126,16 @@ krb5_sendauth(krb5_context context, ret = krb5_cc_default (context, &ccache); if (ret) return ret; + my_ccache = TRUE; } if (client == NULL) { ret = krb5_cc_get_principal (context, ccache, &this_client); - if (ret) + if (ret) { + if(my_ccache) + krb5_cc_close(context, ccache); return ret; + } client = this_client; } memset(&this_cred, 0, sizeof(this_cred)); @@ -142,11 +147,16 @@ krb5_sendauth(krb5_context context, } if (in_creds->ticket.length == 0) { ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); - if (ret) + if (ret) { + if(my_ccache) + krb5_cc_close(context, ccache); return ret; + } } else { creds = in_creds; } + if(my_ccache) + krb5_cc_close(context, ccache); ret = krb5_mk_req_extended (context, auth_context, ap_req_options, diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index dbe6c80..b587c63 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $"); +RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -318,8 +318,9 @@ krb5_domain_x500_decode(krb5_context context, if(ret) return ret; - /* remove empty components */ + /* remove empty components and count realms */ q = &r; + *num_realms = 0; for(p = r; p; ){ if(p->realm[0] == '\0'){ free(p->realm); @@ -329,22 +330,20 @@ krb5_domain_x500_decode(krb5_context context, }else{ q = &p->next; p = p->next; + (*num_realms)++; } } + if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms)) + return ERANGE; + { char **R; - *realms = NULL; - *num_realms = 0; + R = malloc((*num_realms + 1) * sizeof(*R)); + if (R == NULL) + return ENOMEM; + *realms = R; while(r){ - R = realloc(*realms, (*num_realms + 1) * sizeof(**realms)); - if(R == NULL) { - free(*realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - R[*num_realms] = r->realm; - (*num_realms)++; - *realms = R; + *R++ = r->realm; p = r->next; free(r); r = p; diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog index 9f209a8..6097a89 100644 --- a/crypto/heimdal/lib/roken/ChangeLog +++ b/crypto/heimdal/lib/roken/ChangeLog @@ -1,3 +1,45 @@ +2002-09-10 Johan Danielsson <joda@pdc.kth.se> + + * roken.awk: include config.h before stdio.h (breaks with + _FILE_OFFSET_BITS on solaris otherwise) + +2002-09-09 Johan Danielsson <joda@pdc.kth.se> + + * resolve.c: fix res_nsearch call, but don't use it for now, AIX5 + has a broken version that trashes memory + + * roken-common.h: fix typo in previous + + * roken-common.h: change IRIX == 4 to IRIX4 + +2002-09-04 Assar Westerlund <assar@kth.se> + + * getifaddrs.c: remove some warnings from the linux-portion + + * getnameinfo_verified.c (getnameinfo_verified): handle the case + of forward but no backward DNS information, and also describe the + desired behaviour. from Love <lha@stacken.kth.se> + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * rtbl.c (rtbl_destroy): free whole table + + * resolve.c: use res_nsearch if we have it (from Larry Greenfield) + +2002-09-03 Assar Westerlund <assar@kth.se> + + * getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki + YOSHIFUJI of the Usagi project + + * parse_reply-test.c: make this build and return 77 if there is no + mmap + + * Makefile.am (parse_reply-test): add + * parse_reply-test.c: add a test case for parse_reply reading past + the given buffer + * resolve.c (parse_reply): update the arguments to more reasonable + types. allow parse_reply-test to call it + 2002-08-28 Johan Danielsson <joda@pdc.kth.se> * resolve.c (dns_srv_order): do alignment tricks with the random() diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am index 13121ad..a1dc45d 100644 --- a/crypto/heimdal/lib/roken/Makefile.am +++ b/crypto/heimdal/lib/roken/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $ +# $Id: Makefile.am,v 1.122 2002/09/09 19:17:01 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -7,7 +7,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:0:7 +libroken_la_LDFLAGS = -version-info 16:0:0 noinst_PROGRAMS = make-roken snprintf-test @@ -17,6 +17,7 @@ check_PROGRAMS = \ base64-test \ getaddrinfo-test \ parse_bytes-test \ + parse_reply-test \ snprintf-test \ strpftime-test @@ -29,6 +30,9 @@ noinst_LTLIBRARIES = libtest.la libtest_la_SOURCES = strftime.c strptime.c snprintf.c libtest_la_CFLAGS = -DTEST_SNPRINTF +parse_reply_test_SOURCES = parse_reply-test.c resolve.c +parse_reply_test_CFLAGS = -DTEST_RESOLVE + strpftime_test_SOURCES = strpftime-test.c strpftime_test_LDADD = libtest.la $(LDADD) snprintf_test_SOURCES = snprintf-test.c diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in index 7969334..730821f 100644 --- a/crypto/heimdal/lib/roken/Makefile.in +++ b/crypto/heimdal/lib/roken/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $ +# $Id: Makefile.am,v 1.122 2002/09/09 19:17:01 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -207,7 +207,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:0:7 +libroken_la_LDFLAGS = -version-info 16:0:0 noinst_PROGRAMS = make-roken snprintf-test @@ -217,6 +217,7 @@ check_PROGRAMS = \ base64-test \ getaddrinfo-test \ parse_bytes-test \ + parse_reply-test \ snprintf-test \ strpftime-test @@ -230,6 +231,9 @@ noinst_LTLIBRARIES = libtest.la libtest_la_SOURCES = strftime.c strptime.c snprintf.c libtest_la_CFLAGS = -DTEST_SNPRINTF +parse_reply_test_SOURCES = parse_reply-test.c resolve.c +parse_reply_test_CFLAGS = -DTEST_RESOLVE + strpftime_test_SOURCES = strpftime-test.c strpftime_test_LDADD = libtest.la $(LDADD) snprintf_test_SOURCES = snprintf-test.c @@ -422,8 +426,8 @@ am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \ libtest_la-snprintf.lo libtest_la_OBJECTS = $(am_libtest_la_OBJECTS) check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \ - parse_bytes-test$(EXEEXT) snprintf-test$(EXEEXT) \ - strpftime-test$(EXEEXT) + parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \ + snprintf-test$(EXEEXT) strpftime-test$(EXEEXT) noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) @@ -446,6 +450,13 @@ parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT) parse_bytes_test_LDADD = $(LDADD) parse_bytes_test_DEPENDENCIES = libroken.la parse_bytes_test_LDFLAGS = +am_parse_reply_test_OBJECTS = \ + parse_reply_test-parse_reply-test.$(OBJEXT) \ + parse_reply_test-resolve.$(OBJEXT) +parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS) +parse_reply_test_LDADD = $(LDADD) +parse_reply_test_DEPENDENCIES = libroken.la +parse_reply_test_LDFLAGS = am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT) snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS) snprintf_test_DEPENDENCIES = libtest.la libroken.la @@ -472,15 +483,15 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \ $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \ - parse_bytes-test.c $(snprintf_test_SOURCES) \ - $(strpftime_test_SOURCES) + parse_bytes-test.c $(parse_reply_test_SOURCES) \ + $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) MANS = $(man_MANS) HEADERS = $(include_HEADERS) $(nodist_include_HEADERS) DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \ acinclude.m4 freeaddrinfo.c getaddrinfo.c getcap.c \ getnameinfo.c glob.c install-sh missing mkinstalldirs -SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) +SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(parse_reply_test_SOURCES) $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am @@ -562,6 +573,11 @@ make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) @rm -f parse_bytes-test$(EXEEXT) $(LINK) $(parse_bytes_test_LDFLAGS) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS) +parse_reply_test-parse_reply-test.$(OBJEXT): parse_reply-test.c +parse_reply_test-resolve.$(OBJEXT): resolve.c +parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES) + @rm -f parse_reply-test$(EXEEXT) + $(LINK) $(parse_reply_test_LDFLAGS) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS) snprintf_test-snprintf-test.$(OBJEXT): snprintf-test.c snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) @rm -f snprintf-test$(EXEEXT) @@ -612,6 +628,24 @@ libtest_la-snprintf.obj: snprintf.c libtest_la-snprintf.lo: snprintf.c $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +parse_reply_test-parse_reply-test.o: parse_reply-test.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c + +parse_reply_test-parse_reply-test.obj: parse_reply-test.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `cygpath -w parse_reply-test.c` + +parse_reply_test-parse_reply-test.lo: parse_reply-test.c + $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.lo `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c + +parse_reply_test-resolve.o: resolve.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c + +parse_reply_test-resolve.obj: resolve.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `cygpath -w resolve.c` + +parse_reply_test-resolve.lo: resolve.c + $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c + snprintf_test-snprintf-test.o: snprintf-test.c $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c index d8cf1eb..e8c53f8 100644 --- a/crypto/heimdal/lib/roken/getifaddrs.c +++ b/crypto/heimdal/lib/roken/getifaddrs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: getifaddrs.c,v 1.7 2001/11/30 03:27:30 assar Exp $"); +RCSID("$Id: getifaddrs.c,v 1.9 2002/09/05 03:36:23 assar Exp $"); #endif #include "roken.h" @@ -56,6 +56,782 @@ struct mbuf; #include <ifaddrs.h> +#ifdef AF_NETLINK + +/* + * The linux - AF_NETLINK version of getifaddrs - from Usagi. + * Linux does not return v6 addresses from SIOCGIFCONF. + */ + +/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */ + +/************************************************************************** + * ifaddrs.c + * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include <string.h> +#include <time.h> +#include <malloc.h> +#include <errno.h> +#include <unistd.h> + +#include <sys/socket.h> +#include <asm/types.h> +#include <linux/netlink.h> +#include <linux/rtnetlink.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netpacket/packet.h> +#include <net/ethernet.h> /* the L2 protocols */ +#include <sys/uio.h> +#include <net/if.h> +#include <net/if_arp.h> +#include <ifaddrs.h> +#include <netinet/in.h> + +#define __set_errno(e) (errno = (e)) +#define __close(fd) (close(fd)) +#undef ifa_broadaddr +#define ifa_broadaddr ifa_dstaddr +#define IFA_NETMASK + +/* ====================================================================== */ +struct nlmsg_list{ + struct nlmsg_list *nlm_next; + struct nlmsghdr *nlh; + int size; + time_t seq; +}; + +struct rtmaddr_ifamap { + void *address; + void *local; +#ifdef IFA_NETMASK + void *netmask; +#endif + void *broadcast; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + void *anycast; +#endif + int address_len; + int local_len; +#ifdef IFA_NETMASK + int netmask_len; +#endif + int broadcast_len; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + int anycast_len; +#endif +}; + +/* ====================================================================== */ +static size_t +ifa_sa_len(sa_family_t family, int len) +{ + size_t size; + switch(family){ + case AF_INET: + size = sizeof(struct sockaddr_in); + break; + case AF_INET6: + size = sizeof(struct sockaddr_in6); + break; + case AF_PACKET: + size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len; + if (size < sizeof(struct sockaddr_ll)) + size = sizeof(struct sockaddr_ll); + break; + default: + size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len; + if (size < sizeof(struct sockaddr)) + size = sizeof(struct sockaddr); + } + return size; +} + +static void +ifa_make_sockaddr(sa_family_t family, + struct sockaddr *sa, + void *p, size_t len, + uint32_t scope, uint32_t scopeid) +{ + if (sa == NULL) return; + switch(family){ + case AF_INET: + memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len); + break; + case AF_INET6: + memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len); + if (IN6_IS_ADDR_LINKLOCAL(p) || + IN6_IS_ADDR_MC_LINKLOCAL(p)){ + ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; + } + break; + case AF_PACKET: + memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len); + ((struct sockaddr_ll*)sa)->sll_halen = len; + break; + default: + memcpy(sa->sa_data, p, len); /*XXX*/ + break; + } + sa->sa_family = family; +#ifdef HAVE_SOCKADDR_SA_LEN + sa->sa_len = ifa_sa_len(family, len); +#endif +} + +#ifndef IFA_NETMASK +static struct sockaddr * +ifa_make_sockaddr_mask(sa_family_t family, + struct sockaddr *sa, + uint32_t prefixlen) +{ + int i; + char *p = NULL, c; + uint32_t max_prefixlen = 0; + + if (sa == NULL) return NULL; + switch(family){ + case AF_INET: + memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr)); + p = (char *)&((struct sockaddr_in*)sa)->sin_addr; + max_prefixlen = 32; + break; + case AF_INET6: + memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr)); + p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr; +#if 0 /* XXX: fill scope-id? */ + if (IN6_IS_ADDR_LINKLOCAL(p) || + IN6_IS_ADDR_MC_LINKLOCAL(p)){ + ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; + } +#endif + max_prefixlen = 128; + break; + default: + return NULL; + } + sa->sa_family = family; +#ifdef HAVE_SOCKADDR_SA_LEN + sa->sa_len = ifa_sa_len(family, len); +#endif + if (p){ + if (prefixlen > max_prefixlen) + prefixlen = max_prefixlen; + for (i=0; i<(prefixlen / 8); i++) + *p++ = 0xff; + c = 0xff; + c <<= (8 - (prefixlen % 8)); + *p = c; + } + return sa; +} +#endif + +/* ====================================================================== */ +static int +nl_sendreq(int sd, int request, int flags, int *seq) +{ + char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + + NLMSG_ALIGN(sizeof(struct rtgenmsg))]; + struct sockaddr_nl nladdr; + struct nlmsghdr *req_hdr; + struct rtgenmsg *req_msg; + time_t t = time(NULL); + + if (seq) *seq = t; + memset(&reqbuf, 0, sizeof(reqbuf)); + req_hdr = (struct nlmsghdr *)reqbuf; + req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr); + req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg)); + req_hdr->nlmsg_type = request; + req_hdr->nlmsg_flags = flags | NLM_F_REQUEST; + req_hdr->nlmsg_pid = 0; + req_hdr->nlmsg_seq = t; + req_msg->rtgen_family = AF_UNSPEC; + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0, + (struct sockaddr *)&nladdr, sizeof(nladdr))); +} + +static int +nl_recvmsg(int sd, int request, int seq, + void *buf, size_t buflen, + int *flags) +{ + struct msghdr msg; + struct iovec iov = { buf, buflen }; + struct sockaddr_nl nladdr; + int read_len; + + for (;;){ + msg.msg_name = (void *)&nladdr; + msg.msg_namelen = sizeof(nladdr); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + read_len = recvmsg(sd, &msg, 0); + if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC)) + continue; + if (flags) *flags = msg.msg_flags; + break; + } + return read_len; +} + +static int +nl_getmsg(int sd, int request, int seq, + struct nlmsghdr **nlhp, + int *done) +{ + struct nlmsghdr *nh; + size_t bufsize = 65536, lastbufsize = 0; + void *buff = NULL; + int result = 0, read_size; + int msg_flags; + pid_t pid = getpid(); + for (;;){ + void *newbuff = realloc(buff, bufsize); + if (newbuff == NULL || bufsize < lastbufsize) { + result = -1; + break; + } + buff = newbuff; + result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags); + if (read_size < 0 || (msg_flags & MSG_TRUNC)){ + lastbufsize = bufsize; + bufsize *= 2; + continue; + } + if (read_size == 0) break; + nh = (struct nlmsghdr *)buff; + for (nh = (struct nlmsghdr *)buff; + NLMSG_OK(nh, read_size); + nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){ + if (nh->nlmsg_pid != pid || + nh->nlmsg_seq != seq) + continue; + if (nh->nlmsg_type == NLMSG_DONE){ + (*done)++; + break; /* ok */ + } + if (nh->nlmsg_type == NLMSG_ERROR){ + struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh); + result = -1; + if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) + __set_errno(EIO); + else + __set_errno(-nlerr->error); + break; + } + } + break; + } + if (result < 0) + if (buff){ + int saved_errno = errno; + free(buff); + __set_errno(saved_errno); + } + *nlhp = (struct nlmsghdr *)buff; + return result; +} + +static int +nl_getlist(int sd, int seq, + int request, + struct nlmsg_list **nlm_list, + struct nlmsg_list **nlm_end) +{ + struct nlmsghdr *nlh = NULL; + int status; + int done = 0; + + status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq); + if (status < 0) + return status; + if (seq == 0) + seq = (int)time(NULL); + while(!done){ + status = nl_getmsg(sd, request, seq, &nlh, &done); + if (status < 0) + return status; + if (nlh){ + struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list)); + if (nlm_next == NULL){ + int saved_errno = errno; + free(nlh); + __set_errno(saved_errno); + status = -1; + } else { + nlm_next->nlm_next = NULL; + nlm_next->nlh = (struct nlmsghdr *)nlh; + nlm_next->size = status; + nlm_next->seq = seq; + if (*nlm_list == NULL){ + *nlm_list = nlm_next; + *nlm_end = nlm_next; + } else { + (*nlm_end)->nlm_next = nlm_next; + *nlm_end = nlm_next; + } + } + } + } + return status >= 0 ? seq : status; +} + +/* ---------------------------------------------------------------------- */ +static void +free_nlmsglist(struct nlmsg_list *nlm0) +{ + struct nlmsg_list *nlm; + int saved_errno; + if (!nlm0) + return; + saved_errno = errno; + for (nlm=nlm0; nlm; nlm=nlm->nlm_next){ + if (nlm->nlh) + free(nlm->nlh); + } + free(nlm0); + __set_errno(saved_errno); +} + +static void +free_data(void *data, void *ifdata) +{ + int saved_errno = errno; + if (data != NULL) free(data); + if (ifdata != NULL) free(ifdata); + __set_errno(saved_errno); +} + +/* ---------------------------------------------------------------------- */ +static void +nl_close(int sd) +{ + int saved_errno = errno; + if (sd >= 0) __close(sd); + __set_errno(saved_errno); +} + +/* ---------------------------------------------------------------------- */ +static int +nl_open(void) +{ + struct sockaddr_nl nladdr; + int sd; + + sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (sd < 0) return -1; + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){ + nl_close(sd); + return -1; + } + return sd; +} + +/* ====================================================================== */ +int getifaddrs(struct ifaddrs **ifap) +{ + int sd; + struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm; + /* - - - - - - - - - - - - - - - */ + int icnt; + size_t dlen, xlen, nlen; + uint32_t max_ifindex = 0; + + pid_t pid = getpid(); + int seq; + int result; + int build ; /* 0 or 1 */ + +/* ---------------------------------- */ + /* initialize */ + icnt = dlen = xlen = nlen = 0; + nlmsg_list = nlmsg_end = NULL; + + if (ifap) + *ifap = NULL; + +/* ---------------------------------- */ + /* open socket and bind */ + sd = nl_open(); + if (sd < 0) + return -1; + +/* ---------------------------------- */ + /* gather info */ + if ((seq = nl_getlist(sd, 0, RTM_GETLINK, + &nlmsg_list, &nlmsg_end)) < 0){ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return -1; + } + if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR, + &nlmsg_list, &nlmsg_end)) < 0){ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return -1; + } + +/* ---------------------------------- */ + /* Estimate size of result buffer and fill it */ + for (build=0; build<=1; build++){ + struct ifaddrs *ifl = NULL, *ifa = NULL; + struct nlmsghdr *nlh, *nlh0; + char *data = NULL, *xdata = NULL; + void *ifdata = NULL; + char *ifname = NULL, **iflist = NULL; + uint16_t *ifflist = NULL; + struct rtmaddr_ifamap ifamap; + + if (build){ + data = calloc(1, + NLMSG_ALIGN(sizeof(struct ifaddrs[icnt])) + + dlen + xlen + nlen); + ifa = (struct ifaddrs *)data; + ifdata = calloc(1, + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])) + + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1]))); + if (ifap != NULL) + *ifap = (ifdata != NULL) ? ifa : NULL; + else{ + free_data(data, ifdata); + result = 0; + break; + } + if (data == NULL || ifdata == NULL){ + free_data(data, ifdata); + result = -1; + break; + } + ifl = NULL; + data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt; + xdata = data + dlen; + ifname = xdata + xlen; + iflist = ifdata; + ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))); + } + + for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){ + int nlmlen = nlm->size; + if (!(nlh0 = nlm->nlh)) + continue; + for (nlh = nlh0; + NLMSG_OK(nlh, nlmlen); + nlh=NLMSG_NEXT(nlh,nlmlen)){ + struct ifinfomsg *ifim = NULL; + struct ifaddrmsg *ifam = NULL; + struct rtattr *rta; + + size_t nlm_struct_size = 0; + sa_family_t nlm_family = 0; + uint32_t nlm_scope = 0, nlm_index = 0; + size_t sockaddr_size = 0; + uint32_t nlm_prefixlen = 0; + size_t rtasize; + + memset(&ifamap, 0, sizeof(ifamap)); + + /* check if the message is what we want */ + if (nlh->nlmsg_pid != pid || + nlh->nlmsg_seq != nlm->seq) + continue; + if (nlh->nlmsg_type == NLMSG_DONE){ + break; /* ok */ + } + switch (nlh->nlmsg_type){ + case RTM_NEWLINK: + ifim = (struct ifinfomsg *)NLMSG_DATA(nlh); + nlm_struct_size = sizeof(*ifim); + nlm_family = ifim->ifi_family; + nlm_scope = 0; + nlm_index = ifim->ifi_index; + nlm_prefixlen = 0; + if (build) + ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags; + break; + case RTM_NEWADDR: + ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh); + nlm_struct_size = sizeof(*ifam); + nlm_family = ifam->ifa_family; + nlm_scope = ifam->ifa_scope; + nlm_index = ifam->ifa_index; + nlm_prefixlen = ifam->ifa_prefixlen; + if (build) + ifa->ifa_flags = ifflist[nlm_index]; + break; + default: + continue; + } + + if (!build){ + if (max_ifindex < nlm_index) + max_ifindex = nlm_index; + } else { + if (ifl != NULL) + ifl->ifa_next = ifa; + } + + rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size); + for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size)); + RTA_OK(rta, rtasize); + rta = RTA_NEXT(rta, rtasize)){ + struct sockaddr **sap = NULL; + void *rtadata = RTA_DATA(rta); + size_t rtapayload = RTA_PAYLOAD(rta); + socklen_t sa_len; + + switch(nlh->nlmsg_type){ + case RTM_NEWLINK: + switch(rta->rta_type){ + case IFLA_ADDRESS: + case IFLA_BROADCAST: + if (build){ + sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr; + *sap = (struct sockaddr *)data; + } + sa_len = ifa_sa_len(AF_PACKET, rtapayload); + if (rta->rta_type == IFLA_ADDRESS) + sockaddr_size = NLMSG_ALIGN(sa_len); + if (!build){ + dlen += NLMSG_ALIGN(sa_len); + } else { + memset(*sap, 0, sa_len); + ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0); + ((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index; + ((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type; + data += NLMSG_ALIGN(sa_len); + } + break; + case IFLA_IFNAME:/* Name of Interface */ + if (!build) + nlen += NLMSG_ALIGN(rtapayload + 1); + else{ + ifa->ifa_name = ifname; + if (iflist[nlm_index] == NULL) + iflist[nlm_index] = ifa->ifa_name; + strncpy(ifa->ifa_name, rtadata, rtapayload); + ifa->ifa_name[rtapayload] = '\0'; + ifname += NLMSG_ALIGN(rtapayload + 1); + } + break; + case IFLA_STATS:/* Statistics of Interface */ + if (!build) + xlen += NLMSG_ALIGN(rtapayload); + else{ + ifa->ifa_data = xdata; + memcpy(ifa->ifa_data, rtadata, rtapayload); + xdata += NLMSG_ALIGN(rtapayload); + } + break; + case IFLA_UNSPEC: + break; + case IFLA_MTU: + break; + case IFLA_LINK: + break; + case IFLA_QDISC: + break; + default: + } + break; + case RTM_NEWADDR: + if (nlm_family == AF_PACKET) break; + switch(rta->rta_type){ + case IFA_ADDRESS: + ifamap.address = rtadata; + ifamap.address_len = rtapayload; + break; + case IFA_LOCAL: + ifamap.local = rtadata; + ifamap.local_len = rtapayload; + break; + case IFA_BROADCAST: + ifamap.broadcast = rtadata; + ifamap.broadcast_len = rtapayload; + break; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + case IFA_ANYCAST: + ifamap.anycast = rtadata; + ifamap.anycast_len = rtapayload; + break; +#endif + case IFA_LABEL: + if (!build) + nlen += NLMSG_ALIGN(rtapayload + 1); + else{ + ifa->ifa_name = ifname; + if (iflist[nlm_index] == NULL) + iflist[nlm_index] = ifname; + strncpy(ifa->ifa_name, rtadata, rtapayload); + ifa->ifa_name[rtapayload] = '\0'; + ifname += NLMSG_ALIGN(rtapayload + 1); + } + break; + case IFA_UNSPEC: + break; + case IFA_CACHEINFO: + break; + default: + } + } + } + if (nlh->nlmsg_type == RTM_NEWADDR && + nlm_family != AF_PACKET) { + if (!ifamap.local) { + ifamap.local = ifamap.address; + ifamap.local_len = ifamap.address_len; + } + if (!ifamap.address) { + ifamap.address = ifamap.local; + ifamap.address_len = ifamap.local_len; + } + if (ifamap.address_len != ifamap.local_len || + (ifamap.address != NULL && + memcmp(ifamap.address, ifamap.local, ifamap.address_len))) { + /* p2p; address is peer and local is ours */ + ifamap.broadcast = ifamap.address; + ifamap.broadcast_len = ifamap.address_len; + ifamap.address = ifamap.local; + ifamap.address_len = ifamap.local_len; + } + if (ifamap.address) { +#ifndef IFA_NETMASK + sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); +#endif + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); + else { + ifa->ifa_addr = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len)); + } + } +#ifdef IFA_NETMASK + if (ifamap.netmask) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len)); + else { + ifa->ifa_netmask = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len)); + } + } +#endif + if (ifamap.broadcast) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len)); + else { + ifa->ifa_broadaddr = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len)); + } + } +#ifdef HAVE_IFADDRS_IFA_ANYCAST + if (ifamap.anycast) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len)); + else { + ifa->ifa_anycast = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len)); + } + } +#endif + } + if (!build){ +#ifndef IFA_NETMASK + dlen += sockaddr_size; +#endif + icnt++; + } else { + if (ifa->ifa_name == NULL) + ifa->ifa_name = iflist[nlm_index]; +#ifndef IFA_NETMASK + if (ifa->ifa_addr && + ifa->ifa_addr->sa_family != AF_UNSPEC && + ifa->ifa_addr->sa_family != AF_PACKET){ + ifa->ifa_netmask = (struct sockaddr *)data; + ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen); + } + data += sockaddr_size; +#endif + ifl = ifa++; + } + } + } + if (!build){ + if (icnt == 0 && (dlen + nlen + xlen == 0)){ + if (ifap != NULL) + *ifap = NULL; + break; /* cannot found any addresses */ + } + } + else + free_data(NULL, ifdata); + } + +/* ---------------------------------- */ + /* Finalize */ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return 0; +} + +/* ---------------------------------------------------------------------- */ +void +freeifaddrs(struct ifaddrs *ifa) +{ + free(ifa); +} + + +#else /* !AF_NETLINK */ + +/* + * The generic SIOCGIFCONF version. + */ + static int getifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, @@ -355,6 +1131,8 @@ freeifaddrs(struct ifaddrs *ifp) } } +#endif /* !AF_NETLINK */ + #ifdef TEST void diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c index de3c8bf..0145262 100644 --- a/crypto/heimdal/lib/roken/getnameinfo_verified.c +++ b/crypto/heimdal/lib/roken/getnameinfo_verified.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,11 +33,19 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: getnameinfo_verified.c,v 1.5 2001/02/12 13:55:07 assar Exp $"); +RCSID("$Id: getnameinfo_verified.c,v 1.6 2002/09/05 01:36:27 assar Exp $"); #endif #include "roken.h" +/* + * Try to obtain a verified name for the address in `sa, salen' (much + * similar to getnameinfo). + * Verified in this context means that forwards and backwards lookups + * in DNS are consistent. If that fails, return an error if the + * NI_NAMEREQD flag is set or return the numeric address as a string. + */ + int getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, @@ -60,13 +68,13 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, flags | NI_NUMERICSERV); if (ret) - return ret; + goto fail; memset (&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; ret = getaddrinfo (host, serv, &hints, &ai); if (ret) - return ret; + goto fail; for (a = ai; a != NULL; a = a->ai_next) { if (a->ai_addrlen == salen && memcmp (a->ai_addr, sa, salen) == 0) { @@ -75,6 +83,7 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, } } freeaddrinfo (ai); + fail: if (flags & NI_NAMEREQD) return EAI_NONAME; ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, diff --git a/crypto/heimdal/lib/roken/parse_reply-test.c b/crypto/heimdal/lib/roken/parse_reply-test.c new file mode 100644 index 0000000..47e12d1 --- /dev/null +++ b/crypto/heimdal/lib/roken/parse_reply-test.c @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: parse_reply-test.c,v 1.2 2002/09/04 03:25:06 assar Exp $"); +#endif + +#include <sys/types.h> +#ifdef HAVE_SYS_MMAN_H +#include <sys/mman.h> +#endif +#include <fcntl.h> + +#include "roken.h" +#include "resolve.h" + +struct dns_reply* +parse_reply(const unsigned char *, size_t); + +enum { MAX_BUF = 36}; + +static struct testcase { + unsigned char buf[MAX_BUF]; + size_t buf_len; +} tests[] = { + {{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x03, 'f', 'o', 'o', 0x00, + 0x00, 0x10, 0x00, 0x01, + 0x03, 'f', 'o', 'o', 0x00, + 0x00, 0x10, 0x00, 0x01, + 0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36} +}; + +#ifndef MAP_FAILED +#define MAP_FAILED (-1) +#endif + +static sig_atomic_t val = 0; + +static RETSIGTYPE +segv_handler(int sig) +{ + val = 1; +} + +int +main(int argc, char **argv) +{ +#ifndef HAVE_MMAP + return 77; /* signal to automake that this test + cannot be run */ +#else /* HAVE_MMAP */ + int ret; + int i; + struct sigaction sa; + + sigemptyset (&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = segv_handler; + sigaction (SIGSEGV, &sa, NULL); + + for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) { + const struct testcase *t = &tests[i]; + unsigned char *p1, *p2; + int flags; + int fd; + size_t pagesize = getpagesize(); + unsigned char *buf; + +#ifdef MAP_ANON + flags = MAP_ANON; + fd = -1; +#else + flags = 0; + fd = open ("/dev/zero", O_RDONLY); + if(fd < 0) + err (1, "open /dev/zero"); +#endif + flags |= MAP_PRIVATE; + + p1 = (char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE, + flags, fd, 0); + if (p1 == (unsigned char *)MAP_FAILED) + err (1, "mmap"); + p2 = p1 + pagesize; + ret = mprotect (p2, pagesize, 0); + if (ret < 0) + err (1, "mprotect"); + buf = p2 - t->buf_len; + memcpy (buf, t->buf, t->buf_len); + parse_reply (buf, t->buf_len); + ret = munmap (p1, 2 * pagesize); + if (ret < 0) + err (1, "munmap"); + } + return val; +#endif /* HAVE_MMAP */ +} diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c index f17ae4c..ac380d7 100644 --- a/crypto/heimdal/lib/roken/resolve.c +++ b/crypto/heimdal/lib/roken/resolve.c @@ -45,9 +45,10 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.33 2002/08/28 20:07:24 joda Exp $"); +RCSID("$Id: resolve.c,v 1.36 2002/09/09 21:39:19 joda Exp $"); -#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) +#undef HAVE_RES_NSEARCH +#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) #define DECL(X) {#X, T_##X} @@ -110,8 +111,11 @@ dns_free_data(struct dns_reply *r) free (r); } -static struct dns_reply* -parse_reply(unsigned char *data, int len) +#ifndef TEST_RESOLVE +static +#endif +struct dns_reply* +parse_reply(const unsigned char *data, size_t len) { const unsigned char *p; char host[128]; @@ -366,26 +370,40 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) { unsigned char reply[1024]; int len; -#ifdef HAVE__RES +#ifdef HAVE_RES_NSEARCH + struct __res_state stat; + memset(&stat, 0, sizeof(stat)); + if(res_ninit(&stat)) + return NULL; /* is this the best we can do? */ +#elif defined(HAVE__RES) u_long old_options = 0; #endif if (_resolve_debug) { -#ifdef HAVE__RES +#ifdef HAVE_RES_NSEARCH + stat.options |= RES_DEBUG; +#elif defined(HAVE__RES) old_options = _res.options; _res.options |= RES_DEBUG; #endif fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain, rr_class, dns_type_to_string(rr_type)); } +#ifdef HAVE_RES_NSEARCH + len = res_nsearch(&stat, domain, rr_class, rr_type, reply, sizeof(reply)); +#else len = res_search(domain, rr_class, rr_type, reply, sizeof(reply)); +#endif if (_resolve_debug) { -#ifdef HAVE__RES +#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) _res.options = old_options; #endif fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", domain, rr_class, dns_type_to_string(rr_type), len); } +#ifdef HAVE_RES_NSEARCH + res_nclose(&stat); +#endif if(len < 0) { return NULL; } else { diff --git a/crypto/heimdal/lib/roken/roken-common.h b/crypto/heimdal/lib/roken/roken-common.h index 2e604ac..6e29be8 100644 --- a/crypto/heimdal/lib/roken/roken-common.h +++ b/crypto/heimdal/lib/roken/roken-common.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h,v 1.49 2002/08/20 11:55:04 joda Exp $ */ +/* $Id: roken-common.h,v 1.51 2002/09/09 13:41:12 joda Exp $ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ @@ -252,7 +252,7 @@ ROKEN_CPP_START -#if IRIX != 4 /* fix for compiler bug */ +#ifndef IRIX4 /* fix for compiler bug */ #ifdef RETSIGTYPE typedef RETSIGTYPE (*SigAction)(int); SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk index 057b4fd..b6a181c 100644 --- a/crypto/heimdal/lib/roken/roken.awk +++ b/crypto/heimdal/lib/roken/roken.awk @@ -1,10 +1,10 @@ -# $Id: roken.awk,v 1.7 2001/03/26 09:26:35 joda Exp $ +# $Id: roken.awk,v 1.8 2002/09/10 20:05:55 joda Exp $ BEGIN { - print "#include <stdio.h>" print "#ifdef HAVE_CONFIG_H" print "#include <config.h>" print "#endif" + print "#include <stdio.h>" print "" print "int main()" print "{" diff --git a/crypto/heimdal/lib/roken/rtbl.c b/crypto/heimdal/lib/roken/rtbl.c index 098b601..5a3bc00 100644 --- a/crypto/heimdal/lib/roken/rtbl.c +++ b/crypto/heimdal/lib/roken/rtbl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID ("$Id: rtbl.c,v 1.3 2000/07/20 14:42:31 assar Exp $"); +RCSID ("$Id: rtbl.c,v 1.4 2002/09/04 21:25:09 joda Exp $"); #endif #include "roken.h" #include "rtbl.h" @@ -83,12 +83,14 @@ rtbl_destroy (rtbl_t table) for (j = 0; j < c->num_rows; j++) free (c->rows[j].data); + free (c->rows); free (c->header); free (c->prefix); free (c); } free (table->column_prefix); free (table->columns); + free (table); } int diff --git a/crypto/heimdal/tools/Makefile.am b/crypto/heimdal/tools/Makefile.am index 4f02904..b7a9d24 100644 --- a/crypto/heimdal/tools/Makefile.am +++ b/crypto/heimdal/tools/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.5 2001/01/29 06:56:33 assar Exp $ +# $Id: Makefile.am,v 1.6 2002/09/09 22:29:26 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -19,6 +19,7 @@ krb5-config: krb5-config.in -e "s,@includedir\@,$(includedir),g" \ -e "s,@LIB_crypt\@,$(LIB_crypt),g" \ -e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \ + -e "s,@INCLUDE_des\@,$(INCLUDE_des),g" \ -e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \ -e "s,@LIBS\@,$(LIBS),g" \ $(srcdir)/krb5-config.in > $@ diff --git a/crypto/heimdal/tools/Makefile.in b/crypto/heimdal/tools/Makefile.in index 48303ca..0f7496f 100644 --- a/crypto/heimdal/tools/Makefile.in +++ b/crypto/heimdal/tools/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.5 2001/01/29 06:56:33 assar Exp $ +# $Id: Makefile.am,v 1.6 2002/09/09 22:29:26 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -566,6 +566,7 @@ krb5-config: krb5-config.in -e "s,@includedir\@,$(includedir),g" \ -e "s,@LIB_crypt\@,$(LIB_crypt),g" \ -e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \ + -e "s,@INCLUDE_des\@,$(INCLUDE_des),g" \ -e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \ -e "s,@LIBS\@,$(LIBS),g" \ $(srcdir)/krb5-config.in > $@ diff --git a/crypto/heimdal/tools/krb5-config.in b/crypto/heimdal/tools/krb5-config.in index e1235ac..bdaa397 100755 --- a/crypto/heimdal/tools/krb5-config.in +++ b/crypto/heimdal/tools/krb5-config.in @@ -1,5 +1,5 @@ #!/bin/sh -# $Id: krb5-config.in,v 1.8 2001/01/29 06:56:51 assar Exp $ +# $Id: krb5-config.in,v 1.9 2002/09/09 22:29:06 joda Exp $ do_libs=no do_cflags=no @@ -21,7 +21,7 @@ for i in $*; do ;; --version) echo "@PACKAGE@ @VERSION@" - echo '$Id: krb5-config.in,v 1.8 2001/01/29 06:56:51 assar Exp $' + echo '$Id: krb5-config.in,v 1.9 2002/09/09 22:29:06 joda Exp $' exit 0 ;; --prefix=*) @@ -104,7 +104,7 @@ if test "$do_libs" = "yes"; then echo $lib_flags fi if test "$do_cflags" = "yes"; then - echo "-I${includedir}" + echo "-I${includedir} @INCLUDE_des@" fi exit 0 |
