diff options
Diffstat (limited to 'lib/auth')
| -rw-r--r-- | lib/auth/ChangeLog | 206 | ||||
| -rw-r--r-- | lib/auth/Makefile.am | 6 | ||||
| -rw-r--r-- | lib/auth/Makefile.in | 815 | ||||
| -rw-r--r-- | lib/auth/afskauthlib/Makefile.am | 51 | ||||
| -rw-r--r-- | lib/auth/afskauthlib/Makefile.in | 723 | ||||
| -rw-r--r-- | lib/auth/afskauthlib/verify.c | 307 | ||||
| -rw-r--r-- | lib/auth/pam/Makefile.am | 69 | ||||
| -rw-r--r-- | lib/auth/pam/Makefile.in | 733 | ||||
| -rw-r--r-- | lib/auth/pam/pam.c | 443 | ||||
| -rw-r--r-- | lib/auth/pam/pam.conf.add | 97 | ||||
| -rw-r--r-- | lib/auth/sia/Makefile.am | 116 | ||||
| -rw-r--r-- | lib/auth/sia/Makefile.in | 778 | ||||
| -rw-r--r-- | lib/auth/sia/krb4+c2_matrix.conf | 58 | ||||
| -rw-r--r-- | lib/auth/sia/krb4_matrix.conf | 59 | ||||
| -rw-r--r-- | lib/auth/sia/krb5+c2_matrix.conf | 27 | ||||
| -rw-r--r-- | lib/auth/sia/krb5_matrix.conf | 27 | ||||
| -rwxr-xr-x | lib/auth/sia/make-rpath | 34 | ||||
| -rw-r--r-- | lib/auth/sia/posix_getpw.c | 78 | ||||
| -rw-r--r-- | lib/auth/sia/security.patch | 11 | ||||
| -rw-r--r-- | lib/auth/sia/sia.c | 703 | ||||
| -rw-r--r-- | lib/auth/sia/sia_locl.h | 93 |
21 files changed, 5434 insertions, 0 deletions
diff --git a/lib/auth/ChangeLog b/lib/auth/ChangeLog new file mode 100644 index 0000000..1ef62c0 --- /dev/null +++ b/lib/auth/ChangeLog @@ -0,0 +1,206 @@ +2007-12-14 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: One EXTRA_DIST is enought, from dave love. + + * pam/Makefile.am: Add SRCS to EXTRA_DIST + + * afskauthlib/Makefile.am: SRCS + +2006-10-22 Love Hörnquist Åstrand <lha@it.su.se> + + * pam/Makefile.am: use libtool to build binaries + +2005-05-02 Dave Love <fx@gnu.org> + + * afskauthlib/Makefile.am (afskauthlib.so): Use libtool. + (.c.o): Use CC (like SIA module), not COMPILE. + +2005-04-19 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/sia.c: fix getpw*_r calls, they return 0 even when the entry + isn't found and instead make it with setting return pointer to + NULL. From Luke Mewburn <lukem@NetBSD.org> + +2004-09-08 Johan Danielsson <joda@pdc.kth.se> + + * afskauthlib/verify.c: use krb5_appdefault_boolean instead of + krb5_config_get_bool + +2003-09-23 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/sia.c: Add support for AFS when using Kerberos 5, From: + Sergio.Gelato@astro.su.se + +2003-07-07 Love Hörnquist Åstrand <lha@it.su.se> + + * pam/Makefile.am: XXX inline COMPILE since automake wont add it + + * afskauthlib/verify.c (verify_krb5): use krb5_cc_clear_mcred + +2003-05-08 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: inline COMPILE since (modern) automake doesn't + add it by itself for some reason + +2003-04-30 Love Hörnquist Åstrand <lha@it.su.se> + + * afskauthlib/Makefile.am: always includes kafs now that its built + +2003-03-27 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: libkafs is always built now, lets include it + +2002-05-19 Johan Danielsson <joda@pdc.kth.se> + + * pam/Makefile.am: set SUFFIXES with += + +2001-10-27 Assar Westerlund <assar@sics.se> + + * pam/Makefile.am: actually build the pam module + +2001-09-18 Johan Danielsson <joda@pdc.kth.se> + + * sia/Makefile.am: also don't compress krb5 library, at least + siacfg fails with compressed libraries + +2001-09-13 Assar Westerlund <assar@sics.se> + + * sia/sia.c: move krb5_error_code inside a ifdef KRB5 + * sia/sia_locl.h: move roken.h earlier to grab definition of + socklen_t + +2001-08-28 Johan Danielsson <joda@pdc.kth.se> + + * sia/krb5_matrix.conf: athena -> heimdal + +2001-07-17 Assar Westerlund <assar@sics.se> + + * sia/Makefile.am: use make-rpath to sort rpath arguments + +2001-07-15 Assar Westerlund <assar@sics.se> + + * afskauthlib/Makefile.am: use LIB_des, so that we link with + libcrypto/libdes from krb4 + +2001-07-12 Assar Westerlund <assar@sics.se> + + * sia/Makefile.am: use $(CC) instead of ld for linking + +2001-07-06 Assar Westerlund <assar@sics.se> + + * sia/Makefile.am: use LDFLAGS, and conditional libdes + +2001-03-06 Assar Westerlund <assar@sics.se> + + * sia/Makefile.am: make sure of using -rpath and not -R when + calling ld + +2001-02-15 Assar Westerlund <assar@sics.se> + + * pam/pam.c (psyslog): do not log to console + +2001-01-29 Assar Westerlund <assar@sics.se> + + * sia/Makefile.am (libsia_krb5.so): actually run ld in the case + shared library case + +2000-12-31 Assar Westerlund <assar@sics.se> + + * sia/sia.c (siad_ses_init): handle krb5_init_context failure + consistently + * afskauthlib/verify.c (verify_krb5): handle krb5_init_context + failure consistently + +2000-11-30 Johan Danielsson <joda@pdc.kth.se> + + * afskauthlib/Makefile.am: use libtool + + * afskauthlib/Makefile.am: work with krb4 only + +2000-07-30 Johan Danielsson <joda@pdc.kth.se> + + * sia/Makefile.am: don't compress library, since 5.0 seems to have + a problem with this + +2000-07-02 Assar Westerlund <assar@sics.se> + + * afskauthlib/verify.c: fixes for pag setting + +1999-12-30 Assar Westerlund <assar@sics.se> + + * sia/Makefile.am: try to link with shared libraries if we don't + find any static ones + +1999-12-20 Johan Danielsson <joda@pdc.kth.se> + + * sia/sia.c: don't use string concatenation with TKT_ROOT + +1999-11-15 Assar Westerlund <assar@sics.se> + + * */lib/Makefile.in: set LIBNAME. From Enrico Scholz + <Enrico.Scholz@informatik.tu-chemnitz.de> + +1999-10-17 Assar Westerlund <assar@sics.se> + + * afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4 + +1999-10-03 Assar Westerlund <assar@sics.se> + + * afskauthlib/verify.c (verify_krb5): update to new + krb524_convert_creds_kdc + +1999-09-28 Assar Westerlund <assar@sics.se> + + * sia/sia.c (doauth): use krb5_get_local_realms and + krb5_verify_user_lrealm + + * afskauthlib/verify.c (verify_krb5): remove krb5_kuserok. use + krb5_verify_user_lrealm + +1999-08-27 Johan Danielsson <joda@pdc.kth.se> + + * pam/Makefile.in: link with res_search/dn_expand libraries + +1999-08-11 Johan Danielsson <joda@pdc.kth.se> + + * afskauthlib/verify.c: make this compile w/o krb4 + +1999-08-04 Assar Westerlund <assar@sics.se> + + * afskauthlib/verify.c: incorporate patches from Miroslav Ruda + <ruda@ics.muni.cz> + +Thu Apr 8 14:35:34 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * sia/sia.c: remove definition of KRB_VERIFY_USER (moved to + config.h) + + * sia/Makefile.am: make it build w/o krb4 + + * afskauthlib/verify.c: add krb5 support + + * afskauthlib/Makefile.am: build afskauthlib.so + +Wed Apr 7 14:06:22 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * sia/sia.c: make it compile w/o krb4 + + * sia/Makefile.am: make it compile w/o krb4 + +Thu Apr 1 18:09:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h + +Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * sia/Makefile.in: add posix_getpw.c + + * sia/Makefile.am: makefile for sia + + * sia/posix_getpw.c: move from sia.c + + * sia/sia_locl.h: merge with krb5 version + + * sia/sia.c: merge with krb5 version + + * sia/sia5.c: remove unused variables diff --git a/lib/auth/Makefile.am b/lib/auth/Makefile.am new file mode 100644 index 0000000..c62903c --- /dev/null +++ b/lib/auth/Makefile.am @@ -0,0 +1,6 @@ +# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $ + +include $(top_srcdir)/Makefile.am.common + +SUBDIRS = @LIB_AUTH_SUBDIRS@ +DIST_SUBDIRS = afskauthlib pam sia diff --git a/lib/auth/Makefile.in b/lib/auth/Makefile.in new file mode 100644 index 0000000..d7200ce --- /dev/null +++ b/lib/auth/Makefile.in @@ -0,0 +1,815 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $ + +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ + +# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common ChangeLog +subdir = lib/auth +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/broken-getaddrinfo.m4 \ + $(top_srcdir)/cf/broken-glob.m4 \ + $(top_srcdir)/cf/broken-realloc.m4 \ + $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ + $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ + $(top_srcdir)/cf/capabilities.m4 \ + $(top_srcdir)/cf/check-compile-et.m4 \ + $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ + $(top_srcdir)/cf/check-man.m4 \ + $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ + $(top_srcdir)/cf/check-type-extra.m4 \ + $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ + $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ + $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ + $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/find-func-no-libs.m4 \ + $(top_srcdir)/cf/find-func-no-libs2.m4 \ + $(top_srcdir)/cf/find-func.m4 \ + $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/framework-security.m4 \ + $(top_srcdir)/cf/have-struct-field.m4 \ + $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ + $(top_srcdir)/cf/krb-bigendian.m4 \ + $(top_srcdir)/cf/krb-func-getlogin.m4 \ + $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ + $(top_srcdir)/cf/krb-readline.m4 \ + $(top_srcdir)/cf/krb-struct-spwd.m4 \ + $(top_srcdir)/cf/krb-struct-winsize.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +depcomp = +am__depfiles_maybe = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CFLAGS = @CFLAGS@ +COMPILE_ET = @COMPILE_ET@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DBLIB = @DBLIB@ +DEFS = @DEFS@ +DIR_com_err = @DIR_com_err@ +DIR_hcrypto = @DIR_hcrypto@ +DIR_hdbdir = @DIR_hdbdir@ +DIR_roken = @DIR_roken@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_hcrypto = @INCLUDE_hcrypto@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +INCLUDE_readline = @INCLUDE_readline@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_XauFileName = @LIB_XauFileName@ +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_XauWriteAuth = @LIB_XauWriteAuth@ +LIB_bswap16 = @LIB_bswap16@ +LIB_bswap32 = @LIB_bswap32@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ +LIB_crypt = @LIB_crypt@ +LIB_db_create = @LIB_db_create@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ +LIB_el_init = @LIB_el_init@ +LIB_freeaddrinfo = @LIB_freeaddrinfo@ +LIB_gai_strerror = @LIB_gai_strerror@ +LIB_getaddrinfo = @LIB_getaddrinfo@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_gethostbyname2 = @LIB_gethostbyname2@ +LIB_getnameinfo = @LIB_getnameinfo@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_hcrypto = @LIB_hcrypto@ +LIB_hcrypto_a = @LIB_hcrypto_a@ +LIB_hcrypto_appl = @LIB_hcrypto_appl@ +LIB_hcrypto_so = @LIB_hcrypto_so@ +LIB_hesiod = @LIB_hesiod@ +LIB_hstrerror = @LIB_hstrerror@ +LIB_kdb = @LIB_kdb@ +LIB_krb4 = @LIB_krb4@ +LIB_loadquery = @LIB_loadquery@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_openldap = @LIB_openldap@ +LIB_openpty = @LIB_openpty@ +LIB_otp = @LIB_otp@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ +LIB_res_nsearch = @LIB_res_nsearch@ +LIB_res_search = @LIB_res_search@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VERSIONING = @VERSIONING@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dpagaix_cflags = @dpagaix_cflags@ +dpagaix_ldadd = @dpagaix_ldadd@ +dpagaix_ldflags = @dpagaix_ldflags@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME +AM_CFLAGS = $(WFLAGS) +CP = cp +buildinclude = $(top_builddir)/include +LIB_getattr = @LIB_getattr@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_setpcred = @LIB_setpcred@ +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +NROFF_MAN = groff -mandoc -Tascii +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la + +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +SUBDIRS = @LIB_AUTH_SUBDIRS@ +DIST_SUBDIRS = afskauthlib pam sia +all: all-recursive + +.SUFFIXES: +.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps lib/auth/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + distdir=`$(am__cd) $(distdir) && pwd`; \ + top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ + (cd $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$top_distdir" \ + distdir="$$distdir/$$subdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-recursive +all-am: Makefile all-local +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +info: info-recursive + +info-am: + +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook + +install-dvi: install-dvi-recursive + +install-exec-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-html: install-html-recursive + +install-info: install-info-recursive + +install-man: + +install-pdf: install-pdf-recursive + +install-ps: install-ps-recursive + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ + install-data-am install-exec-am install-strip uninstall-am + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am all-local check check-am check-local clean \ + clean-generic clean-libtool ctags ctags-recursive dist-hook \ + distclean distclean-generic distclean-libtool distclean-tags \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-data-hook \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-exec-hook install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am uninstall-hook + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0 || exit 1; \ + fi + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/lib/auth/afskauthlib/Makefile.am b/lib/auth/afskauthlib/Makefile.am new file mode 100644 index 0000000..1eec4f5 --- /dev/null +++ b/lib/auth/afskauthlib/Makefile.am @@ -0,0 +1,51 @@ +# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $ + +include $(top_srcdir)/Makefile.am.common + +AM_CPPFLAGS += $(INCLUDE_krb4) + +DEFS = @DEFS@ + +foodir = $(libdir) +foo_DATA = afskauthlib.so + +SUFFIXES += .c .o + +SRCS = verify.c +OBJS = verify.o + +CLEANFILES = $(foo_DATA) $(OBJS) so_locations + +afskauthlib.so: $(OBJS) + $(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS) + +.c.o: + $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< + +KAFS = $(top_builddir)/lib/kafs/libkafs.la + +if KRB5 +L = \ + $(KAFS) \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_krb4) \ + $(LIB_hcrypto) \ + $(top_builddir)/lib/roken/libroken.la \ + -lc + +else + +L = \ + $(KAFS) \ + $(LIB_krb4) \ + $(LIB_hcrypto) \ + $(top_builddir)/lib/roken/libroken.la \ + -lc +endif + +$(OBJS): $(top_builddir)/include/config.h + +EXTRA_DIST = $(SRCS) diff --git a/lib/auth/afskauthlib/Makefile.in b/lib/auth/afskauthlib/Makefile.in new file mode 100644 index 0000000..89c966a --- /dev/null +++ b/lib/auth/afskauthlib/Makefile.in @@ -0,0 +1,723 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $ + +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ + +# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common +subdir = lib/auth/afskauthlib +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/broken-getaddrinfo.m4 \ + $(top_srcdir)/cf/broken-glob.m4 \ + $(top_srcdir)/cf/broken-realloc.m4 \ + $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ + $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ + $(top_srcdir)/cf/capabilities.m4 \ + $(top_srcdir)/cf/check-compile-et.m4 \ + $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ + $(top_srcdir)/cf/check-man.m4 \ + $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ + $(top_srcdir)/cf/check-type-extra.m4 \ + $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ + $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ + $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ + $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/find-func-no-libs.m4 \ + $(top_srcdir)/cf/find-func-no-libs2.m4 \ + $(top_srcdir)/cf/find-func.m4 \ + $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/framework-security.m4 \ + $(top_srcdir)/cf/have-struct-field.m4 \ + $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ + $(top_srcdir)/cf/krb-bigendian.m4 \ + $(top_srcdir)/cf/krb-func-getlogin.m4 \ + $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ + $(top_srcdir)/cf/krb-readline.m4 \ + $(top_srcdir)/cf/krb-struct-spwd.m4 \ + $(top_srcdir)/cf/krb-struct-winsize.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +depcomp = +am__depfiles_maybe = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(foodir)" +fooDATA_INSTALL = $(INSTALL_DATA) +DATA = $(foo_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CFLAGS = @CFLAGS@ +COMPILE_ET = @COMPILE_ET@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DBLIB = @DBLIB@ +DEFS = @DEFS@ +DIR_com_err = @DIR_com_err@ +DIR_hcrypto = @DIR_hcrypto@ +DIR_hdbdir = @DIR_hdbdir@ +DIR_roken = @DIR_roken@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_hcrypto = @INCLUDE_hcrypto@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +INCLUDE_readline = @INCLUDE_readline@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_XauFileName = @LIB_XauFileName@ +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_XauWriteAuth = @LIB_XauWriteAuth@ +LIB_bswap16 = @LIB_bswap16@ +LIB_bswap32 = @LIB_bswap32@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ +LIB_crypt = @LIB_crypt@ +LIB_db_create = @LIB_db_create@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ +LIB_el_init = @LIB_el_init@ +LIB_freeaddrinfo = @LIB_freeaddrinfo@ +LIB_gai_strerror = @LIB_gai_strerror@ +LIB_getaddrinfo = @LIB_getaddrinfo@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_gethostbyname2 = @LIB_gethostbyname2@ +LIB_getnameinfo = @LIB_getnameinfo@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_hcrypto = @LIB_hcrypto@ +LIB_hcrypto_a = @LIB_hcrypto_a@ +LIB_hcrypto_appl = @LIB_hcrypto_appl@ +LIB_hcrypto_so = @LIB_hcrypto_so@ +LIB_hesiod = @LIB_hesiod@ +LIB_hstrerror = @LIB_hstrerror@ +LIB_kdb = @LIB_kdb@ +LIB_krb4 = @LIB_krb4@ +LIB_loadquery = @LIB_loadquery@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_openldap = @LIB_openldap@ +LIB_openpty = @LIB_openpty@ +LIB_otp = @LIB_otp@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ +LIB_res_nsearch = @LIB_res_nsearch@ +LIB_res_search = @LIB_res_search@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VERSIONING = @VERSIONING@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dpagaix_cflags = @dpagaix_cflags@ +dpagaix_ldadd = @dpagaix_ldadd@ +dpagaix_ldflags = @dpagaix_ldflags@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ + $(INCLUDE_krb4) +@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME +AM_CFLAGS = $(WFLAGS) +CP = cp +buildinclude = $(top_builddir)/include +LIB_getattr = @LIB_getattr@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_setpcred = @LIB_setpcred@ +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +NROFF_MAN = groff -mandoc -Tascii +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la + +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +foodir = $(libdir) +foo_DATA = afskauthlib.so +SRCS = verify.c +OBJS = verify.o +CLEANFILES = $(foo_DATA) $(OBJS) so_locations +KAFS = $(top_builddir)/lib/kafs/libkafs.la +@KRB5_FALSE@L = \ +@KRB5_FALSE@ $(KAFS) \ +@KRB5_FALSE@ $(LIB_krb4) \ +@KRB5_FALSE@ $(LIB_hcrypto) \ +@KRB5_FALSE@ $(top_builddir)/lib/roken/libroken.la \ +@KRB5_FALSE@ -lc + +@KRB5_TRUE@L = \ +@KRB5_TRUE@ $(KAFS) \ +@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@KRB5_TRUE@ $(LIB_krb4) \ +@KRB5_TRUE@ $(LIB_hcrypto) \ +@KRB5_TRUE@ $(top_builddir)/lib/roken/libroken.la \ +@KRB5_TRUE@ -lc + +EXTRA_DIST = $(SRCS) +all: all-am + +.SUFFIXES: +.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/afskauthlib/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps lib/auth/afskauthlib/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-fooDATA: $(foo_DATA) + @$(NORMAL_INSTALL) + test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" + @list='$(foo_DATA)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f=$(am__strip_dir) \ + echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ + $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ + done + +uninstall-fooDATA: + @$(NORMAL_UNINSTALL) + @list='$(foo_DATA)'; for p in $$list; do \ + f=$(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ + rm -f "$(DESTDIR)$(foodir)/$$f"; \ + done +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +all-am: Makefile $(DATA) all-local +installdirs: + for dir in "$(DESTDIR)$(foodir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook + +install-dvi: install-dvi-am + +install-exec-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook + +.MAKE: install-am install-data-am install-exec-am install-strip \ + uninstall-am + +.PHONY: all all-am all-local check check-am check-local clean \ + clean-generic clean-libtool dist-hook distclean \ + distclean-generic distclean-libtool distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-fooDATA \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-fooDATA \ + uninstall-hook + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0 || exit 1; \ + fi + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done + +afskauthlib.so: $(OBJS) + $(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS) + +.c.o: + $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< + +$(OBJS): $(top_builddir)/include/config.h +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/lib/auth/afskauthlib/verify.c b/lib/auth/afskauthlib/verify.c new file mode 100644 index 0000000..ff0141b --- /dev/null +++ b/lib/auth/afskauthlib/verify.c @@ -0,0 +1,307 @@ +/* + * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: verify.c 14203 2004-09-08 09:02:59Z joda $"); +#endif +#include <unistd.h> +#include <sys/types.h> +#include <pwd.h> +#ifdef KRB5 +#include <krb5.h> +#endif +#ifdef KRB4 +#include <krb.h> +#include <kafs.h> +#endif +#include <roken.h> + +#ifdef KRB5 +static char krb5ccname[128]; +#endif +#ifdef KRB4 +static char krbtkfile[128]; +#endif + +/* + In some cases is afs_gettktstring called twice (once before + afs_verify and once after afs_verify). + In some cases (rlogin with access allowed via .rhosts) + afs_verify is not called! + So we can't rely on correct value in krbtkfile in some + cases! +*/ + +static int correct_tkfilename=0; +static int pag_set=0; + +#ifdef KRB4 +static void +set_krbtkfile(uid_t uid) +{ + snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid); + krb_set_tkt_string (krbtkfile); + correct_tkfilename = 1; +} +#endif + +/* XXX this has to be the default cache name, since the KRB5CCNAME + * environment variable isn't exported by login/xdm + */ + +#ifdef KRB5 +static void +set_krb5ccname(uid_t uid) +{ + snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid); +#ifdef KRB4 + snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid); +#endif + correct_tkfilename = 1; +} +#endif + +static void +set_spec_krbtkfile(void) +{ + int fd; +#ifdef KRB4 + snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT); + fd = mkstemp(krbtkfile); + close(fd); + unlink(krbtkfile); + krb_set_tkt_string (krbtkfile); +#endif +#ifdef KRB5 + snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX"); + fd=mkstemp(krb5ccname+5); + close(fd); + unlink(krb5ccname+5); +#endif +} + +#ifdef KRB5 +static int +verify_krb5(struct passwd *pwd, + char *password, + int32_t *exp, + int quiet) +{ + krb5_context context; + krb5_error_code ret; + krb5_ccache ccache; + krb5_principal principal; + + ret = krb5_init_context(&context); + if (ret) { + syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret); + goto out; + } + + ret = krb5_parse_name (context, pwd->pw_name, &principal); + if (ret) { + syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + set_krb5ccname(pwd->pw_uid); + ret = krb5_cc_resolve(context, krb5ccname, &ccache); + if(ret) { + syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + ret = krb5_verify_user_lrealm(context, + principal, + ccache, + password, + TRUE, + NULL); + if(ret) { + syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) { + syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", + krb5_get_err_text(context, errno)); + goto out; + } + +#ifdef KRB4 + { + krb5_realm realm = NULL; + krb5_boolean get_v4_tgt; + + krb5_get_default_realm(context, &realm); + krb5_appdefault_boolean(context, "afskauthlib", + realm, + "krb4_get_tickets", FALSE, &get_v4_tgt); + if (get_v4_tgt) { + CREDENTIALS c; + krb5_creds mcred, cred; + + krb5_cc_clear_mcred(&mcred); + + krb5_make_principal(context, &mcred.server, realm, + "krbtgt", + realm, + NULL); + ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); + if(ret == 0) { + ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c); + if(ret) + krb5_warn(context, ret, "converting creds"); + else { + set_krbtkfile(pwd->pw_uid); + tf_setup(&c, c.pname, c.pinst); + } + memset(&c, 0, sizeof(c)); + krb5_free_cred_contents(context, &cred); + } else + syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", + krb5_get_err_text(context, ret)); + + krb5_free_principal(context, mcred.server); + } + free (realm); + if (!pag_set && k_hasafs()) { + k_setpag(); + pag_set = 1; + } + + if (pag_set) + krb5_afslog_uid_home(context, ccache, NULL, NULL, + pwd->pw_uid, pwd->pw_dir); + } +#endif + out: + if(ret && !quiet) + printf ("%s\n", krb5_get_err_text (context, ret)); + return ret; +} +#endif + +#ifdef KRB4 +static int +verify_krb4(struct passwd *pwd, + char *password, + int32_t *exp, + int quiet) +{ + int ret = 1; + char lrealm[REALM_SZ]; + + if (krb_get_lrealm (lrealm, 1) != KFAILURE) { + set_krbtkfile(pwd->pw_uid); + ret = krb_verify_user (pwd->pw_name, "", lrealm, password, + KRB_VERIFY_SECURE, NULL); + if (ret == KSUCCESS) { + if (!pag_set && k_hasafs()) { + k_setpag (); + pag_set = 1; + } + if (pag_set) + krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir); + } else if (!quiet) + printf ("%s\n", krb_get_err_text (ret)); + } + return ret; +} +#endif + +int +afs_verify(char *name, + char *password, + int32_t *exp, + int quiet) +{ + int ret = 1; + struct passwd *pwd = k_getpwnam (name); + + if(pwd == NULL) + return 1; + + if (!pag_set && k_hasafs()) { + k_setpag(); + pag_set=1; + } + + if (ret) + ret = unix_verify_user (name, password); +#ifdef KRB5 + if (ret) + ret = verify_krb5(pwd, password, exp, quiet); +#endif +#ifdef KRB4 + if(ret) + ret = verify_krb4(pwd, password, exp, quiet); +#endif + return ret; +} + +char * +afs_gettktstring (void) +{ + char *ptr; + struct passwd *pwd; + + if (!correct_tkfilename) { + ptr = getenv("LOGNAME"); + if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) { + set_krb5ccname(pwd->pw_uid); +#ifdef KRB4 + set_krbtkfile(pwd->pw_uid); + if (!pag_set && k_hasafs()) { + k_setpag(); + pag_set=1; + } +#endif + } else { + set_spec_krbtkfile(); + } + } +#ifdef KRB5 + esetenv("KRB5CCNAME",krb5ccname,1); +#endif +#ifdef KRB4 + esetenv("KRBTKFILE",krbtkfile,1); + return krbtkfile; +#else + return ""; +#endif +} diff --git a/lib/auth/pam/Makefile.am b/lib/auth/pam/Makefile.am new file mode 100644 index 0000000..c4d0eb5 --- /dev/null +++ b/lib/auth/pam/Makefile.am @@ -0,0 +1,69 @@ +# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $ + +include $(top_srcdir)/Makefile.am.common + +AM_CPPFLAGS += $(INCLUDE_krb4) + +WFLAGS += $(WFLAGS_NOIMPLICITINT) + +DEFS = @DEFS@ + +## this is horribly ugly, but automake/libtool doesn't allow us to +## unconditionally build shared libraries, and it does not allow us to +## link with non-installed libraries + +if KRB4 +KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a +KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so + +L = \ + $(KAFS) \ + $(top_builddir)/lib/krb/.libs/libkrb.a \ + $(LIB_hcrypto_a) \ + $(top_builddir)/lib/roken/.libs/libroken.a \ + -lc + +L_shared = \ + $(KAFS_S) \ + $(top_builddir)/lib/krb/.libs/libkrb.so \ + $(LIB_hcrypto_so) \ + $(top_builddir)/lib/roken/.libs/libroken.so \ + $(LIB_getpwnam_r) \ + -lc + +MOD = pam_krb4.so + +endif + +foodir = $(libdir) +foo_DATA = $(MOD) + +LDFLAGS = @LDFLAGS@ + +SRCS = pam.c +OBJS = pam.o + +pam_krb4.so: $(OBJS) + @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ + echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \ + $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \ + elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ + echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \ + $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \ + else \ + echo "missing libraries"; exit 1; \ + fi + +CLEANFILES = $(MOD) $(OBJS) + +SUFFIXES += .c .o + +# XXX inline COMPILE since automake wont add it + +.c.o: + $(LIBTOOL) --mode=compile --tag=CC $(CC) \ + $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< + +EXTRA_DIST = pam.conf.add $(SRCS) diff --git a/lib/auth/pam/Makefile.in b/lib/auth/pam/Makefile.in new file mode 100644 index 0000000..0f9e084 --- /dev/null +++ b/lib/auth/pam/Makefile.in @@ -0,0 +1,733 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $ + +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ + +# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common +subdir = lib/auth/pam +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/broken-getaddrinfo.m4 \ + $(top_srcdir)/cf/broken-glob.m4 \ + $(top_srcdir)/cf/broken-realloc.m4 \ + $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ + $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ + $(top_srcdir)/cf/capabilities.m4 \ + $(top_srcdir)/cf/check-compile-et.m4 \ + $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ + $(top_srcdir)/cf/check-man.m4 \ + $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ + $(top_srcdir)/cf/check-type-extra.m4 \ + $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ + $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ + $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ + $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/find-func-no-libs.m4 \ + $(top_srcdir)/cf/find-func-no-libs2.m4 \ + $(top_srcdir)/cf/find-func.m4 \ + $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/framework-security.m4 \ + $(top_srcdir)/cf/have-struct-field.m4 \ + $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ + $(top_srcdir)/cf/krb-bigendian.m4 \ + $(top_srcdir)/cf/krb-func-getlogin.m4 \ + $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ + $(top_srcdir)/cf/krb-readline.m4 \ + $(top_srcdir)/cf/krb-struct-spwd.m4 \ + $(top_srcdir)/cf/krb-struct-winsize.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +depcomp = +am__depfiles_maybe = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(foodir)" +fooDATA_INSTALL = $(INSTALL_DATA) +DATA = $(foo_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CFLAGS = @CFLAGS@ +COMPILE_ET = @COMPILE_ET@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DBLIB = @DBLIB@ +DEFS = @DEFS@ +DIR_com_err = @DIR_com_err@ +DIR_hcrypto = @DIR_hcrypto@ +DIR_hdbdir = @DIR_hdbdir@ +DIR_roken = @DIR_roken@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_hcrypto = @INCLUDE_hcrypto@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +INCLUDE_readline = @INCLUDE_readline@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_XauFileName = @LIB_XauFileName@ +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_XauWriteAuth = @LIB_XauWriteAuth@ +LIB_bswap16 = @LIB_bswap16@ +LIB_bswap32 = @LIB_bswap32@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ +LIB_crypt = @LIB_crypt@ +LIB_db_create = @LIB_db_create@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ +LIB_el_init = @LIB_el_init@ +LIB_freeaddrinfo = @LIB_freeaddrinfo@ +LIB_gai_strerror = @LIB_gai_strerror@ +LIB_getaddrinfo = @LIB_getaddrinfo@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_gethostbyname2 = @LIB_gethostbyname2@ +LIB_getnameinfo = @LIB_getnameinfo@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_hcrypto = @LIB_hcrypto@ +LIB_hcrypto_a = @LIB_hcrypto_a@ +LIB_hcrypto_appl = @LIB_hcrypto_appl@ +LIB_hcrypto_so = @LIB_hcrypto_so@ +LIB_hesiod = @LIB_hesiod@ +LIB_hstrerror = @LIB_hstrerror@ +LIB_kdb = @LIB_kdb@ +LIB_krb4 = @LIB_krb4@ +LIB_loadquery = @LIB_loadquery@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_openldap = @LIB_openldap@ +LIB_openpty = @LIB_openpty@ +LIB_otp = @LIB_otp@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ +LIB_res_nsearch = @LIB_res_nsearch@ +LIB_res_search = @LIB_res_search@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VERSIONING = @VERSIONING@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT) +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dpagaix_cflags = @dpagaix_cflags@ +dpagaix_ldadd = @dpagaix_ldadd@ +dpagaix_ldflags = @dpagaix_ldflags@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ + $(INCLUDE_krb4) +@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME +AM_CFLAGS = $(WFLAGS) +CP = cp +buildinclude = $(top_builddir)/include +LIB_getattr = @LIB_getattr@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_setpcred = @LIB_setpcred@ +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +NROFF_MAN = groff -mandoc -Tascii +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la + +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a +@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so +@KRB4_TRUE@L = \ +@KRB4_TRUE@ $(KAFS) \ +@KRB4_TRUE@ $(top_builddir)/lib/krb/.libs/libkrb.a \ +@KRB4_TRUE@ $(LIB_hcrypto_a) \ +@KRB4_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.a \ +@KRB4_TRUE@ -lc + +@KRB4_TRUE@L_shared = \ +@KRB4_TRUE@ $(KAFS_S) \ +@KRB4_TRUE@ $(top_builddir)/lib/krb/.libs/libkrb.so \ +@KRB4_TRUE@ $(LIB_hcrypto_so) \ +@KRB4_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.so \ +@KRB4_TRUE@ $(LIB_getpwnam_r) \ +@KRB4_TRUE@ -lc + +@KRB4_TRUE@MOD = pam_krb4.so +foodir = $(libdir) +foo_DATA = $(MOD) +SRCS = pam.c +OBJS = pam.o +CLEANFILES = $(MOD) $(OBJS) +EXTRA_DIST = pam.conf.add $(SRCS) +all: all-am + +.SUFFIXES: +.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/pam/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps lib/auth/pam/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-fooDATA: $(foo_DATA) + @$(NORMAL_INSTALL) + test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" + @list='$(foo_DATA)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f=$(am__strip_dir) \ + echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ + $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ + done + +uninstall-fooDATA: + @$(NORMAL_UNINSTALL) + @list='$(foo_DATA)'; for p in $$list; do \ + f=$(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ + rm -f "$(DESTDIR)$(foodir)/$$f"; \ + done +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +all-am: Makefile $(DATA) all-local +installdirs: + for dir in "$(DESTDIR)$(foodir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook + +install-dvi: install-dvi-am + +install-exec-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook + +.MAKE: install-am install-data-am install-exec-am install-strip \ + uninstall-am + +.PHONY: all all-am all-local check check-am check-local clean \ + clean-generic clean-libtool dist-hook distclean \ + distclean-generic distclean-libtool distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-fooDATA \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-fooDATA \ + uninstall-hook + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0 || exit 1; \ + fi + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done + +pam_krb4.so: $(OBJS) + @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ + echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \ + $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \ + elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ + echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \ + $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \ + else \ + echo "missing libraries"; exit 1; \ + fi + +# XXX inline COMPILE since automake wont add it + +.c.o: + $(LIBTOOL) --mode=compile --tag=CC $(CC) \ + $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/lib/auth/pam/pam.c b/lib/auth/pam/pam.c new file mode 100644 index 0000000..ed5071b --- /dev/null +++ b/lib/auth/pam/pam.c @@ -0,0 +1,443 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include<config.h> +RCSID("$Id: pam.c 11417 2002-09-09 15:57:24Z joda $"); +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/types.h> +#include <syslog.h> + +#include <security/pam_appl.h> +#include <security/pam_modules.h> +#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */ +#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR +#endif + +#include <netinet/in.h> +#include <krb.h> +#include <kafs.h> + +#if 0 +/* Debugging PAM modules is a royal pain, truss helps. */ +#define DEBUG(msg) (access(msg " at line", __LINE__)) +#endif + +static void +psyslog(int level, const char *format, ...) +{ + va_list args; + va_start(args, format); + openlog("pam_krb4", LOG_PID, LOG_AUTH); + vsyslog(level, format, args); + va_end(args); + closelog(); +} + +enum { + KRB4_DEBUG, + KRB4_USE_FIRST_PASS, + KRB4_TRY_FIRST_PASS, + KRB4_IGNORE_ROOT, + KRB4_NO_VERIFY, + KRB4_REAFSLOG, + KRB4_CTRLS /* Number of ctrl arguments defined. */ +}; + +#define KRB4_DEFAULTS 0 + +static int ctrl_flags = KRB4_DEFAULTS; +#define ctrl_on(x) (krb4_args[x].flag & ctrl_flags) +#define ctrl_off(x) (!ctrl_on(x)) + +typedef struct +{ + const char *token; + unsigned int flag; +} krb4_ctrls_t; + +static krb4_ctrls_t krb4_args[KRB4_CTRLS] = +{ + /* KRB4_DEBUG */ { "debug", 0x01 }, + /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 }, + /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 }, + /* KRB4_IGNORE_ROOT */ { "ignore_root", 0x08 }, + /* KRB4_NO_VERIFY */ { "no_verify", 0x10 }, + /* KRB4_REAFSLOG */ { "reafslog", 0x20 }, +}; + +static void +parse_ctrl(int argc, const char **argv) +{ + int i, j; + + ctrl_flags = KRB4_DEFAULTS; + for (i = 0; i < argc; i++) + { + for (j = 0; j < KRB4_CTRLS; j++) + if (strcmp(argv[i], krb4_args[j].token) == 0) + break; + + if (j >= KRB4_CTRLS) + psyslog(LOG_ALERT, "unrecognized option [%s]", *argv); + else + ctrl_flags |= krb4_args[j].flag; + } +} + +static void +pdeb(const char *format, ...) +{ + va_list args; + if (ctrl_off(KRB4_DEBUG)) + return; + va_start(args, format); + openlog("pam_krb4", LOG_PID, LOG_AUTH); + vsyslog(LOG_DEBUG, format, args); + va_end(args); + closelog(); +} + +#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid()) + +static void +set_tkt_string(uid_t uid) +{ + char buf[128]; + + snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid); + krb_set_tkt_string(buf); + +#if 0 + /* pam_set_data+pam_get_data are not guaranteed to work, grr. */ + pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup); + if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS) + { + pam_putenv(pamh, var); + } +#endif + + /* We don't want to inherit this variable. + * If we still do, it must have a sane value. */ + if (getenv("KRBTKFILE") != 0) + { + char *var = malloc(sizeof(buf)); + snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string()); + putenv(var); + /* free(var); XXX */ + } +} + +static int +verify_pass(pam_handle_t *pamh, + const char *name, + const char *inst, + const char *pass) +{ + char realm[REALM_SZ]; + int ret, krb_verify, old_euid, old_ruid; + + krb_get_lrealm(realm, 1); + if (ctrl_on(KRB4_NO_VERIFY)) + krb_verify = KRB_VERIFY_SECURE_FAIL; + else + krb_verify = KRB_VERIFY_SECURE; + old_ruid = getuid(); + old_euid = geteuid(); + setreuid(0, 0); + ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL); + pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s", + name, inst, realm, krb_verify, + krb_get_err_text(ret)); + setreuid(old_ruid, old_euid); + if (getuid() != old_ruid || geteuid() != old_euid) + { + psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d", + old_ruid, old_euid, __LINE__); + exit(1); + } + + switch(ret) { + case KSUCCESS: + return PAM_SUCCESS; + case KDC_PR_UNKNOWN: + return PAM_USER_UNKNOWN; + case SKDC_CANT: + case SKDC_RETRY: + case RD_AP_TIME: + return PAM_AUTHINFO_UNAVAIL; + default: + return PAM_AUTH_ERR; + } +} + +static int +krb4_auth(pam_handle_t *pamh, + int flags, + const char *name, + const char *inst, + struct pam_conv *conv) +{ + struct pam_response *resp; + char prompt[128]; + struct pam_message msg, *pmsg = &msg; + int ret; + + if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS)) + { + char *pass = 0; + ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); + if (ret != PAM_SUCCESS) + { + psyslog(LOG_ERR , "pam_get_item returned error to get-password"); + return ret; + } + else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS) + return PAM_SUCCESS; + else if (ctrl_on(KRB4_USE_FIRST_PASS)) + return PAM_AUTHTOK_RECOVERY_ERR; /* Wrong password! */ + else + /* We tried the first password but it didn't work, cont. */; + } + + msg.msg_style = PAM_PROMPT_ECHO_OFF; + if (*inst == 0) + snprintf(prompt, sizeof(prompt), "%s's Password: ", name); + else + snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst); + msg.msg = prompt; + + ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr); + if (ret != PAM_SUCCESS) + return ret; + + ret = verify_pass(pamh, name, inst, resp->resp); + if (ret == PAM_SUCCESS) + { + memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */ + free(resp->resp); + free(resp); + } + else + { + pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */ + /* free(resp->resp); XXX */ + /* free(resp); XXX */ + } + + return ret; +} + +int +pam_sm_authenticate(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + char *user; + int ret; + struct pam_conv *conv; + struct passwd *pw; + uid_t uid = -1; + const char *name, *inst; + char realm[REALM_SZ]; + realm[0] = 0; + + parse_ctrl(argc, argv); + ENTRY("pam_sm_authenticate"); + + ret = pam_get_user(pamh, &user, "login: "); + if (ret != PAM_SUCCESS) + return ret; + + if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0) + return PAM_AUTHINFO_UNAVAIL; + + ret = pam_get_item(pamh, PAM_CONV, (void*)&conv); + if (ret != PAM_SUCCESS) + return ret; + + pw = getpwnam(user); + if (pw != 0) + { + uid = pw->pw_uid; + set_tkt_string(uid); + } + + if (strcmp(user, "root") == 0 && getuid() != 0) + { + pw = getpwuid(getuid()); + if (pw != 0) + { + name = strdup(pw->pw_name); + inst = "root"; + } + } + else + { + name = user; + inst = ""; + } + + ret = krb4_auth(pamh, flags, name, inst, conv); + + /* + * The realm was lost inside krb_verify_user() so we can't simply do + * a krb_kuserok() when inst != "". + */ + if (ret == PAM_SUCCESS && inst[0] != 0) + { + uid_t old_euid = geteuid(); + uid_t old_ruid = getuid(); + + setreuid(0, 0); /* To read ticket file. */ + if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS) + ret = PAM_SERVICE_ERR; + else if (krb_kuserok(name, inst, realm, user) != KSUCCESS) + { + setreuid(0, uid); /* To read ~/.klogin. */ + if (krb_kuserok(name, inst, realm, user) != KSUCCESS) + ret = PAM_PERM_DENIED; + } + + if (ret != PAM_SUCCESS) + { + dest_tkt(); /* Passwd known, ok to kill ticket. */ + psyslog(LOG_NOTICE, + "%s.%s@%s is not allowed to log in as %s", + name, inst, realm, user); + } + + setreuid(old_ruid, old_euid); + if (getuid() != old_ruid || geteuid() != old_euid) + { + psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d", + old_ruid, old_euid, __LINE__); + exit(1); + } + } + + if (ret == PAM_SUCCESS) + { + psyslog(LOG_INFO, + "%s.%s@%s authenticated as user %s", + name, inst, realm, user); + if (chown(tkt_string(), uid, -1) == -1) + { + dest_tkt(); + psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid); + exit(1); + } + } + + /* + * Kludge alert!!! Sun dtlogin unlock screen fails to call + * pam_setcred(3) with PAM_REFRESH_CRED after a successful + * authentication attempt, sic. + * + * This hack is designed as a workaround to that problem. + */ + if (ctrl_on(KRB4_REAFSLOG)) + if (ret == PAM_SUCCESS) + pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv); + + return ret; +} + +int +pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + parse_ctrl(argc, argv); + ENTRY("pam_sm_setcred"); + + switch (flags & ~PAM_SILENT) { + case 0: + case PAM_ESTABLISH_CRED: + if (k_hasafs()) + k_setpag(); + /* Fall through, fill PAG with credentials below. */ + case PAM_REINITIALIZE_CRED: + case PAM_REFRESH_CRED: + if (k_hasafs()) + { + void *user = 0; + + if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS) + { + struct passwd *pw = getpwnam((char *)user); + if (pw != 0) + krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0, + pw->pw_uid, pw->pw_dir); + } + } + break; + case PAM_DELETE_CRED: + dest_tkt(); + if (k_hasafs()) + k_unlog(); + break; + default: + psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags); + break; + } + + return PAM_SUCCESS; +} + +int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + parse_ctrl(argc, argv); + ENTRY("pam_sm_open_session"); + + return PAM_SUCCESS; +} + + +int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv) +{ + parse_ctrl(argc, argv); + ENTRY("pam_sm_close_session"); + + /* This isn't really kosher, but it's handy. */ + pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv); + + return PAM_SUCCESS; +} diff --git a/lib/auth/pam/pam.conf.add b/lib/auth/pam/pam.conf.add new file mode 100644 index 0000000..7db3e3d --- /dev/null +++ b/lib/auth/pam/pam.conf.add @@ -0,0 +1,97 @@ +To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch: + +--- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998 ++++ /etc/pam.conf Tue Feb 15 19:39:12 2000 +@@ -4,15 +4,19 @@ + # + # Authentication management + # ++login auth sufficient /usr/athena/lib/pam_krb4.so + login auth required /usr/lib/security/pam_unix.so.1 + login auth required /usr/lib/security/pam_dial_auth.so.1 + # + rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1 + rlogin auth required /usr/lib/security/pam_unix.so.1 + # ++dtlogin auth sufficient /usr/athena/lib/pam_krb4.so + dtlogin auth required /usr/lib/security/pam_unix.so.1 + # + rsh auth required /usr/lib/security/pam_rhosts_auth.so.1 ++# Reafslog is for dtlogin lock display ++other auth sufficient /usr/athena/lib/pam_krb4.so reafslog + other auth required /usr/lib/security/pam_unix.so.1 + # + # Account management +@@ -24,6 +28,8 @@ + # + # Session management + # ++dtlogin session required /usr/athena/lib/pam_krb4.so ++login session required /usr/athena/lib/pam_krb4.so + other session required /usr/lib/security/pam_unix.so.1 + # + # Password management +--------------------------------------------------------------------------- +To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches: + +--- /etc/pam.d/login~ Tue Dec 7 12:01:35 1999 ++++ /etc/pam.d/login Wed May 31 16:27:55 2000 +@@ -1,9 +1,12 @@ + #%PAM-1.0 ++# Updated to work with kerberos ++auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 + auth required /lib/security/pam_securetty.so + auth required /lib/security/pam_pwdb.so shadow nullok + auth required /lib/security/pam_nologin.so + account required /lib/security/pam_pwdb.so + password required /lib/security/pam_cracklib.so + password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow ++session required /usr/athena/lib/pam_krb4.so.1.0.1 + session required /lib/security/pam_pwdb.so + session optional /lib/security/pam_console.so +--- /etc/pam.d/xdm~ Wed May 31 16:33:54 2000 ++++ /etc/pam.d/xdm Wed May 31 16:28:29 2000 +@@ -1,8 +1,11 @@ + #%PAM-1.0 ++# Updated to work with kerberos ++auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 + auth required /lib/security/pam_pwdb.so shadow nullok + auth required /lib/security/pam_nologin.so + account required /lib/security/pam_pwdb.so + password required /lib/security/pam_cracklib.so + password required /lib/security/pam_pwdb.so shadow nullok use_authtok ++session required /usr/athena/lib/pam_krb4.so.1.0.1 + session required /lib/security/pam_pwdb.so + session optional /lib/security/pam_console.so +--- /etc/pam.d/gdm~ Wed May 31 16:33:54 2000 ++++ /etc/pam.d/gdm Wed May 31 16:34:28 2000 +@@ -1,8 +1,11 @@ + #%PAM-1.0 ++# Updated to work with kerberos ++auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 + auth required /lib/security/pam_pwdb.so shadow nullok + auth required /lib/security/pam_nologin.so + account required /lib/security/pam_pwdb.so + password required /lib/security/pam_cracklib.so + password required /lib/security/pam_pwdb.so shadow nullok use_authtok ++session required /usr/athena/lib/pam_krb4.so.1.0.1 + session required /lib/security/pam_pwdb.so + session optional /lib/security/pam_console.so + +-------------------------------------------------------------------------- + +This stuff may work under some other system. + +# To get this to work, you will have to add entries to /etc/pam.conf +# +# To make login kerberos-aware, you might change pam.conf to look +# like: + +# login authorization +login auth sufficient /lib/security/pam_krb4.so +login auth required /lib/security/pam_securetty.so +login auth required /lib/security/pam_unix_auth.so +login account required /lib/security/pam_unix_acct.so +login password required /lib/security/pam_unix_passwd.so +login session required /lib/security/pam_krb4.so +login session required /lib/security/pam_unix_session.so diff --git a/lib/auth/sia/Makefile.am b/lib/auth/sia/Makefile.am new file mode 100644 index 0000000..7b6aedd --- /dev/null +++ b/lib/auth/sia/Makefile.am @@ -0,0 +1,116 @@ +# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $ + +include $(top_srcdir)/Makefile.am.common + +AM_CPPFLAGS += $(INCLUDE_krb4) + +WFLAGS += $(WFLAGS_NOIMPLICITINT) + +DEFS = @DEFS@ + +## this is horribly ugly, but automake/libtool doesn't allow us to +## unconditionally build shared libraries, and it does not allow us to +## link with non-installed libraries + +KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a +KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so + +if KRB5 +L = \ + $(KAFS) \ + $(top_builddir)/lib/krb5/.libs/libkrb5.a \ + $(top_builddir)/lib/asn1/.libs/libasn1.a \ + $(LIB_krb4) \ + $(LIB_hcrypto_a) \ + $(LIB_com_err_a) \ + $(top_builddir)/lib/roken/.libs/libroken.a \ + $(LIB_getpwnam_r) \ + -lc + +L_shared = \ + $(KAFS_S) \ + $(top_builddir)/lib/krb5/.libs/libkrb5.so \ + $(top_builddir)/lib/asn1/.libs/libasn1.so \ + $(LIB_krb4) \ + $(LIB_hcrypto_so) \ + $(LIB_com_err_so) \ + $(top_builddir)/lib/roken/.libs/libroken.so \ + $(LIB_getpwnam_r) \ + -lc + +MOD = libsia_krb5.so + +else + +L = \ + $(KAFS) \ + $(top_builddir)/lib/kadm/.libs/libkadm.a \ + $(top_builddir)/lib/krb/.libs/libkrb.a \ + $(LIB_hcrypto_a) \ + $(top_builddir)/lib/com_err/.libs/libcom_err.a \ + $(top_builddir)/lib/roken/.libs/libroken.a \ + $(LIB_getpwnam_r) \ + -lc + +L_shared = \ + $(KAFS_S) \ + $(top_builddir)/lib/kadm/.libs/libkadm.so \ + $(top_builddir)/lib/krb/.libs/libkrb.so \ + $(LIB_hcrypto_so) \ + $(top_builddir)/lib/com_err/.libs/libcom_err.so \ + $(top_builddir)/lib/roken/.libs/libroken.so \ + $(LIB_getpwnam_r) \ + -lc + +MOD = libsia_krb4.so + +endif + +foodir = $(libdir) +foo_DATA = $(MOD) + +LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* + +SRCS = sia.c posix_getpw.c sia_locl.h +OBJS = sia.o posix_getpw.o + +libsia_krb5.so: $(OBJS) + @if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ + elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ + else \ + echo "missing libraries"; exit 1; \ + fi + ostrip -x $@ + +libsia_krb4.so: $(OBJS) + @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ + elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ + else \ + echo "missing libraries"; exit 1; \ + fi + ostrip -x $@ + +CLEANFILES = $(MOD) $(OBJS) so_locations + +SUFFIXES += .c .o + +# XXX inline COMPILE since automake wont add it + +.c.o: + $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< + +EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \ + krb4_matrix.conf krb4+c2_matrix.conf \ + krb5_matrix.conf krb5+c2_matrix.conf \ + security.patch \ + make-rpath $(SRCS) diff --git a/lib/auth/sia/Makefile.in b/lib/auth/sia/Makefile.in new file mode 100644 index 0000000..88f6257 --- /dev/null +++ b/lib/auth/sia/Makefile.in @@ -0,0 +1,778 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $ + +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ + +# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common +subdir = lib/auth/sia +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/broken-getaddrinfo.m4 \ + $(top_srcdir)/cf/broken-glob.m4 \ + $(top_srcdir)/cf/broken-realloc.m4 \ + $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ + $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ + $(top_srcdir)/cf/capabilities.m4 \ + $(top_srcdir)/cf/check-compile-et.m4 \ + $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ + $(top_srcdir)/cf/check-man.m4 \ + $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ + $(top_srcdir)/cf/check-type-extra.m4 \ + $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ + $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ + $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ + $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/find-func-no-libs.m4 \ + $(top_srcdir)/cf/find-func-no-libs2.m4 \ + $(top_srcdir)/cf/find-func.m4 \ + $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/framework-security.m4 \ + $(top_srcdir)/cf/have-struct-field.m4 \ + $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ + $(top_srcdir)/cf/krb-bigendian.m4 \ + $(top_srcdir)/cf/krb-func-getlogin.m4 \ + $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ + $(top_srcdir)/cf/krb-readline.m4 \ + $(top_srcdir)/cf/krb-struct-spwd.m4 \ + $(top_srcdir)/cf/krb-struct-winsize.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +depcomp = +am__depfiles_maybe = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(foodir)" +fooDATA_INSTALL = $(INSTALL_DATA) +DATA = $(foo_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CFLAGS = @CFLAGS@ +COMPILE_ET = @COMPILE_ET@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DBLIB = @DBLIB@ +DEFS = @DEFS@ +DIR_com_err = @DIR_com_err@ +DIR_hcrypto = @DIR_hcrypto@ +DIR_hdbdir = @DIR_hdbdir@ +DIR_roken = @DIR_roken@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_hcrypto = @INCLUDE_hcrypto@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_openldap = @INCLUDE_openldap@ +INCLUDE_readline = @INCLUDE_readline@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_XauFileName = @LIB_XauFileName@ +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_XauWriteAuth = @LIB_XauWriteAuth@ +LIB_bswap16 = @LIB_bswap16@ +LIB_bswap32 = @LIB_bswap32@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ +LIB_crypt = @LIB_crypt@ +LIB_db_create = @LIB_db_create@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ +LIB_el_init = @LIB_el_init@ +LIB_freeaddrinfo = @LIB_freeaddrinfo@ +LIB_gai_strerror = @LIB_gai_strerror@ +LIB_getaddrinfo = @LIB_getaddrinfo@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_gethostbyname2 = @LIB_gethostbyname2@ +LIB_getnameinfo = @LIB_getnameinfo@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_hcrypto = @LIB_hcrypto@ +LIB_hcrypto_a = @LIB_hcrypto_a@ +LIB_hcrypto_appl = @LIB_hcrypto_appl@ +LIB_hcrypto_so = @LIB_hcrypto_so@ +LIB_hesiod = @LIB_hesiod@ +LIB_hstrerror = @LIB_hstrerror@ +LIB_kdb = @LIB_kdb@ +LIB_krb4 = @LIB_krb4@ +LIB_loadquery = @LIB_loadquery@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_openldap = @LIB_openldap@ +LIB_openpty = @LIB_openpty@ +LIB_otp = @LIB_otp@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ +LIB_res_nsearch = @LIB_res_nsearch@ +LIB_res_search = @LIB_res_search@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NROFF = @NROFF@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VERSIONING = @VERSIONING@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT) +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dpagaix_cflags = @dpagaix_cflags@ +dpagaix_ldadd = @dpagaix_ldadd@ +dpagaix_ldflags = @dpagaix_ldflags@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ + $(INCLUDE_krb4) +@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME +AM_CFLAGS = $(WFLAGS) +CP = cp +buildinclude = $(top_builddir)/include +LIB_getattr = @LIB_getattr@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_setpcred = @LIB_setpcred@ +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +NROFF_MAN = groff -mandoc -Tascii +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la + +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a +KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so +@KRB5_FALSE@L = \ +@KRB5_FALSE@ $(KAFS) \ +@KRB5_FALSE@ $(top_builddir)/lib/kadm/.libs/libkadm.a \ +@KRB5_FALSE@ $(top_builddir)/lib/krb/.libs/libkrb.a \ +@KRB5_FALSE@ $(LIB_hcrypto_a) \ +@KRB5_FALSE@ $(top_builddir)/lib/com_err/.libs/libcom_err.a \ +@KRB5_FALSE@ $(top_builddir)/lib/roken/.libs/libroken.a \ +@KRB5_FALSE@ $(LIB_getpwnam_r) \ +@KRB5_FALSE@ -lc + +@KRB5_TRUE@L = \ +@KRB5_TRUE@ $(KAFS) \ +@KRB5_TRUE@ $(top_builddir)/lib/krb5/.libs/libkrb5.a \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/.libs/libasn1.a \ +@KRB5_TRUE@ $(LIB_krb4) \ +@KRB5_TRUE@ $(LIB_hcrypto_a) \ +@KRB5_TRUE@ $(LIB_com_err_a) \ +@KRB5_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.a \ +@KRB5_TRUE@ $(LIB_getpwnam_r) \ +@KRB5_TRUE@ -lc + +@KRB5_FALSE@L_shared = \ +@KRB5_FALSE@ $(KAFS_S) \ +@KRB5_FALSE@ $(top_builddir)/lib/kadm/.libs/libkadm.so \ +@KRB5_FALSE@ $(top_builddir)/lib/krb/.libs/libkrb.so \ +@KRB5_FALSE@ $(LIB_hcrypto_so) \ +@KRB5_FALSE@ $(top_builddir)/lib/com_err/.libs/libcom_err.so \ +@KRB5_FALSE@ $(top_builddir)/lib/roken/.libs/libroken.so \ +@KRB5_FALSE@ $(LIB_getpwnam_r) \ +@KRB5_FALSE@ -lc + +@KRB5_TRUE@L_shared = \ +@KRB5_TRUE@ $(KAFS_S) \ +@KRB5_TRUE@ $(top_builddir)/lib/krb5/.libs/libkrb5.so \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/.libs/libasn1.so \ +@KRB5_TRUE@ $(LIB_krb4) \ +@KRB5_TRUE@ $(LIB_hcrypto_so) \ +@KRB5_TRUE@ $(LIB_com_err_so) \ +@KRB5_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.so \ +@KRB5_TRUE@ $(LIB_getpwnam_r) \ +@KRB5_TRUE@ -lc + +@KRB5_FALSE@MOD = libsia_krb4.so +@KRB5_TRUE@MOD = libsia_krb5.so +foodir = $(libdir) +foo_DATA = $(MOD) +SRCS = sia.c posix_getpw.c sia_locl.h +OBJS = sia.o posix_getpw.o +CLEANFILES = $(MOD) $(OBJS) so_locations +EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \ + krb4_matrix.conf krb4+c2_matrix.conf \ + krb5_matrix.conf krb5+c2_matrix.conf \ + security.patch \ + make-rpath $(SRCS) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/sia/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps lib/auth/sia/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-fooDATA: $(foo_DATA) + @$(NORMAL_INSTALL) + test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" + @list='$(foo_DATA)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f=$(am__strip_dir) \ + echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ + $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ + done + +uninstall-fooDATA: + @$(NORMAL_UNINSTALL) + @list='$(foo_DATA)'; for p in $$list; do \ + f=$(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ + rm -f "$(DESTDIR)$(foodir)/$$f"; \ + done +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +all-am: Makefile $(DATA) all-local +installdirs: + for dir in "$(DESTDIR)$(foodir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook + +install-dvi: install-dvi-am + +install-exec-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook + +.MAKE: install-am install-data-am install-exec-am install-strip \ + uninstall-am + +.PHONY: all all-am all-local check check-am check-local clean \ + clean-generic clean-libtool dist-hook distclean \ + distclean-generic distclean-libtool distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-fooDATA \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-fooDATA \ + uninstall-hook + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers + +check-local:: + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ + foo='$(CHECK_LOCAL)'; else \ + foo='$(PROGRAMS)'; fi; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0 || exit 1; \ + fi + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done + +libsia_krb5.so: $(OBJS) + @if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ + elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ + else \ + echo "missing libraries"; exit 1; \ + fi + ostrip -x $@ + +libsia_krb4.so: $(OBJS) + @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ + elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ + echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ + $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ + else \ + echo "missing libraries"; exit 1; \ + fi + ostrip -x $@ + +# XXX inline COMPILE since automake wont add it + +.c.o: + $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/lib/auth/sia/krb4+c2_matrix.conf b/lib/auth/sia/krb4+c2_matrix.conf new file mode 100644 index 0000000..47b5cd4 --- /dev/null +++ b/lib/auth/sia/krb4+c2_matrix.conf @@ -0,0 +1,58 @@ +# Copyright (c) 1998 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# $Id: krb4+c2_matrix.conf 7463 1999-12-02 16:58:55Z joda $ + +# sia matrix configuration file (Kerberos 4 + C2) + +siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_getpwent=(BSD,libc.so) +siad_getpwuid=(BSD,libc.so) +siad_getpwnam=(BSD,libc.so) +siad_setpwent=(BSD,libc.so) +siad_endpwent=(BSD,libc.so) +siad_getgrent=(BSD,libc.so) +siad_getgrgid=(BSD,libc.so) +siad_getgrnam=(BSD,libc.so) +siad_setgrent=(BSD,libc.so) +siad_endgrent=(BSD,libc.so) +siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) diff --git a/lib/auth/sia/krb4_matrix.conf b/lib/auth/sia/krb4_matrix.conf new file mode 100644 index 0000000..17d6d13 --- /dev/null +++ b/lib/auth/sia/krb4_matrix.conf @@ -0,0 +1,59 @@ +# Copyright (c) 1998 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# $Id: krb4_matrix.conf 7463 1999-12-02 16:58:55Z joda $ + +# sia matrix configuration file (Kerberos 4 + BSD) + +siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_chk_invoker=(BSD,libc.so) +siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so) +siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_ses_estab=(BSD,libc.so) +siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_chg_finger=(BSD,libc.so) +siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_chg_shell=(BSD,libc.so) +siad_getpwent=(BSD,libc.so) +siad_getpwuid=(BSD,libc.so) +siad_getpwnam=(BSD,libc.so) +siad_setpwent=(BSD,libc.so) +siad_endpwent=(BSD,libc.so) +siad_getgrent=(BSD,libc.so) +siad_getgrgid=(BSD,libc.so) +siad_getgrnam=(BSD,libc.so) +siad_setgrent=(BSD,libc.so) +siad_endgrent=(BSD,libc.so) +siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) +siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) + diff --git a/lib/auth/sia/krb5+c2_matrix.conf b/lib/auth/sia/krb5+c2_matrix.conf new file mode 100644 index 0000000..ada8ba5 --- /dev/null +++ b/lib/auth/sia/krb5+c2_matrix.conf @@ -0,0 +1,27 @@ +# $Id: krb5+c2_matrix.conf 5254 1998-11-26 20:58:18Z assar $ + +# sia matrix configuration file (Kerberos 5 + C2) + +siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so) +siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_getpwent=(BSD,libc.so) +siad_getpwuid=(BSD,libc.so) +siad_getpwnam=(BSD,libc.so) +siad_setpwent=(BSD,libc.so) +siad_endpwent=(BSD,libc.so) +siad_getgrent=(BSD,libc.so) +siad_getgrgid=(BSD,libc.so) +siad_getgrnam=(BSD,libc.so) +siad_setgrent=(BSD,libc.so) +siad_endgrent=(BSD,libc.so) +siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) +siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) diff --git a/lib/auth/sia/krb5_matrix.conf b/lib/auth/sia/krb5_matrix.conf new file mode 100644 index 0000000..ab07956 --- /dev/null +++ b/lib/auth/sia/krb5_matrix.conf @@ -0,0 +1,27 @@ +# $Id: krb5_matrix.conf 10576 2001-08-28 08:49:20Z joda $ + +# sia matrix configuration file (Kerberos 5 + BSD) + +siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) +siad_chk_invoker=(BSD,libc.so) +siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) +siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) +siad_ses_estab=(BSD,libc.so) +siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) +siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) +siad_ses_reauthent=(BSD,libc.so) +siad_chg_finger=(BSD,libc.so) +siad_chg_password=(BSD,libc.so) +siad_chg_shell=(BSD,libc.so) +siad_getpwent=(BSD,libc.so) +siad_getpwuid=(BSD,libc.so) +siad_getpwnam=(BSD,libc.so) +siad_setpwent=(BSD,libc.so) +siad_endpwent=(BSD,libc.so) +siad_getgrent=(BSD,libc.so) +siad_getgrgid=(BSD,libc.so) +siad_getgrnam=(BSD,libc.so) +siad_setgrent=(BSD,libc.so) +siad_endgrent=(BSD,libc.so) +siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) +siad_chk_user=(BSD,libc.so) diff --git a/lib/auth/sia/make-rpath b/lib/auth/sia/make-rpath new file mode 100755 index 0000000..4aa297e --- /dev/null +++ b/lib/auth/sia/make-rpath @@ -0,0 +1,34 @@ +#!/bin/sh +# $Id: make-rpath 10345 2001-07-17 15:15:31Z assar $ +rlist= +rest= +while test $# -gt 0; do +case $1 in +-R|-rpath) + if test "$rlist"; then + rlist="${rlist}:$2" + else + rlist="$2" + fi + shift 2 + ;; +-R*) + d=`echo $1 | sed 's,^-R,,'` + if test "$rlist"; then + rlist="${rlist}:${d}" + else + rlist="${d}" + fi + shift + ;; +*) + rest="${rest} $1" + shift + ;; +esac +done +rpath= +if test "$rlist"; then + rpath="-rpath $rlist " +fi +echo "${rpath}${rest}" diff --git a/lib/auth/sia/posix_getpw.c b/lib/auth/sia/posix_getpw.c new file mode 100644 index 0000000..65d7a2e --- /dev/null +++ b/lib/auth/sia/posix_getpw.c @@ -0,0 +1,78 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "sia_locl.h" + +RCSID("$Id: posix_getpw.c 5680 1999-03-21 17:07:02Z joda $"); + +#ifndef POSIX_GETPWNAM_R +/* + * These functions translate from the old Digital UNIX 3.x interface + * to POSIX.1c. + */ + +int +posix_getpwnam_r(const char *name, struct passwd *pwd, + char *buffer, int len, struct passwd **result) +{ + int ret = getpwnam_r(name, pwd, buffer, len); + if(ret == 0) + *result = pwd; + else{ + *result = NULL; + ret = _Geterrno(); + if(ret == 0){ + ret = ERANGE; + _Seterrno(ret); + } + } + return ret; +} + +int +posix_getpwuid_r(uid_t uid, struct passwd *pwd, + char *buffer, int len, struct passwd **result) +{ + int ret = getpwuid_r(uid, pwd, buffer, len); + if(ret == 0) + *result = pwd; + else{ + *result = NULL; + ret = _Geterrno(); + if(ret == 0){ + ret = ERANGE; + _Seterrno(ret); + } + } + return ret; +} +#endif /* POSIX_GETPWNAM_R */ diff --git a/lib/auth/sia/security.patch b/lib/auth/sia/security.patch new file mode 100644 index 0000000..c407876 --- /dev/null +++ b/lib/auth/sia/security.patch @@ -0,0 +1,11 @@ +--- /sbin/init.d/security~ Tue Aug 20 22:44:09 1996 ++++ /sbin/init.d/security Fri Nov 1 14:52:56 1996 +@@ -49,7 +49,7 @@ + SECURITY=BASE + fi + ;; +- BASE) ++ BASE|KRB4) + ;; + *) + echo "security configuration set to default (BASE)." diff --git a/lib/auth/sia/sia.c b/lib/auth/sia/sia.c new file mode 100644 index 0000000..640b868 --- /dev/null +++ b/lib/auth/sia/sia.c @@ -0,0 +1,703 @@ +/* + * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "sia_locl.h" + +RCSID("$Id: sia.c 14838 2005-04-19 04:41:07Z lha $"); + +int +siad_init(void) +{ + return SIADSUCCESS; +} + +int +siad_chk_invoker(void) +{ + SIA_DEBUG(("DEBUG", "siad_chk_invoker")); + return SIADFAIL; +} + +int +siad_ses_init(SIAENTITY *entity, int pkgind) +{ + struct state *s = malloc(sizeof(*s)); + + SIA_DEBUG(("DEBUG", "siad_ses_init")); + if(s == NULL) + return SIADFAIL; + memset(s, 0, sizeof(*s)); +#ifdef SIA_KRB5 + { + krb5_error_code ret; + ret = krb5_init_context(&s->context); + if (ret) + return SIADFAIL; + } +#endif + entity->mech[pkgind] = (int*)s; + return SIADSUCCESS; +} + +static int +setup_name(SIAENTITY *e, prompt_t *p) +{ + SIA_DEBUG(("DEBUG", "setup_name")); + e->name = malloc(SIANAMEMIN + 1); + if(e->name == NULL){ + SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1)); + return SIADFAIL; + } + p->prompt = (unsigned char*)"login: "; + p->result = (unsigned char*)e->name; + p->min_result_length = 1; + p->max_result_length = SIANAMEMIN; + p->control_flags = 0; + return SIADSUCCESS; +} + +static int +setup_password(SIAENTITY *e, prompt_t *p) +{ + SIA_DEBUG(("DEBUG", "setup_password")); + e->password = malloc(SIAMXPASSWORD + 1); + if(e->password == NULL){ + SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1)); + return SIADFAIL; + } + p->prompt = (unsigned char*)"Password: "; + p->result = (unsigned char*)e->password; + p->min_result_length = 0; + p->max_result_length = SIAMXPASSWORD; + p->control_flags = SIARESINVIS; + return SIADSUCCESS; +} + + +static int +doauth(SIAENTITY *entity, int pkgind, char *name) +{ + struct passwd pw, *pwd; + char pwbuf[1024]; + struct state *s = (struct state*)entity->mech[pkgind]; +#ifdef SIA_KRB5 + krb5_realm *realms, *r; + krb5_principal principal; + krb5_ccache ccache; + krb5_error_code ret; +#endif +#ifdef SIA_KRB4 + char realm[REALM_SZ]; + char *toname, *toinst; + int ret; + struct passwd fpw, *fpwd; + char fpwbuf[1024]; + int secure; +#endif + + if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0 || pwd == NULL){ + SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name)); + return SIADFAIL; + } + +#ifdef SIA_KRB5 + ret = krb5_get_default_realms(s->context, &realms); + + for (r = realms; *r != NULL; ++r) { + krb5_make_principal (s->context, &principal, *r, entity->name, NULL); + + if(krb5_kuserok(s->context, principal, entity->name)) + break; + } + krb5_free_host_realm (s->context, realms); + if (*r == NULL) + return SIADFAIL; + + sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid()); + ret = krb5_cc_resolve(s->context, s->ticket, &ccache); + if(ret) + return SIADFAIL; +#endif + +#ifdef SIA_KRB4 + snprintf(s->ticket, sizeof(s->ticket), + "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid()); + krb_get_lrealm(realm, 1); + toname = name; + toinst = ""; + if(entity->authtype == SIA_A_SUAUTH){ + uid_t ouid; +#ifdef HAVE_SIAENTITY_OUID + ouid = entity->ouid; +#else + ouid = getuid(); +#endif + if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0 || fpwd == NULL){ + SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid)); + return SIADFAIL; + } + snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", + TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid()); + if(strcmp(pwd->pw_name, "root") == 0){ + toname = fpwd->pw_name; + toinst = pwd->pw_name; + } + } + if(entity->authtype == SIA_A_REAUTH) + snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string()); + + krb_set_tkt_string(s->ticket); + + setuid(0); /* XXX fix for fix in tf_util.c */ + if(krb_kuserok(toname, toinst, realm, name)){ + SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", + toname, toinst, realm, name)); + return SIADFAIL; + } +#endif +#ifdef SIA_KRB5 + ret = krb5_verify_user_lrealm(s->context, principal, ccache, + entity->password, 1, NULL); + if(ret){ + /* if this is most likely a local user (such as + root), just silently return failure when the + principal doesn't exist */ + if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && + ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) + SIALOG("WARNING", "krb5_verify_user(%s): %s", + entity->name, error_message(ret)); + return SIADFAIL; + } +#endif +#ifdef SIA_KRB4 + if (getuid () == 0) + secure = KRB_VERIFY_SECURE; + else + secure = KRB_VERIFY_NOT_SECURE; + + ret = krb_verify_user(toname, toinst, realm, + entity->password, secure, NULL); + if(ret){ + SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret))); + if(ret != KDC_PR_UNKNOWN) + /* since this is most likely a local user (such as + root), just silently return failure when the + principal doesn't exist */ + SIALOG("WARNING", "krb_verify_user(%s.%s): %s", + toname, toinst, krb_get_err_text(ret)); + return SIADFAIL; + } +#endif + if(sia_make_entity_pwd(pwd, entity) == SIAFAIL) + return SIADFAIL; + s->valid = 1; + return SIADSUCCESS; +} + + +static int +common_auth(sia_collect_func_t *collect, + SIAENTITY *entity, + int siastat, + int pkgind) +{ + prompt_t prompts[2], *pr; + char *name; + + SIA_DEBUG(("DEBUG", "common_auth")); + if((siastat == SIADSUCCESS) && (geteuid() == 0)) + return SIADSUCCESS; + if(entity == NULL) { + SIA_DEBUG(("DEBUG", "entity == NULL")); + return SIADFAIL | SIADSTOP; + } + name = entity->name; + if(entity->acctname) + name = entity->acctname; + + if((collect != NULL) && entity->colinput) { + int num; + pr = prompts; + if(name == NULL){ + if(setup_name(entity, pr) != SIADSUCCESS) + return SIADFAIL; + pr++; + } + if(entity->password == NULL){ + if(setup_password(entity, pr) != SIADSUCCESS) + return SIADFAIL; + pr++; + } + num = pr - prompts; + if(num == 1){ + if((*collect)(240, SIAONELINER, (unsigned char*)"", num, + prompts) != SIACOLSUCCESS){ + SIA_DEBUG(("DEBUG", "collect failed")); + return SIADFAIL | SIADSTOP; + } + } else if(num > 0){ + if((*collect)(0, SIAFORM, (unsigned char*)"", num, + prompts) != SIACOLSUCCESS){ + SIA_DEBUG(("DEBUG", "collect failed")); + return SIADFAIL | SIADSTOP; + } + } + } + if(name == NULL) + name = entity->name; + if(name == NULL || name[0] == '\0'){ + SIA_DEBUG(("DEBUG", "name is null")); + return SIADFAIL; + } + + if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){ + SIA_DEBUG(("DEBUG", "entity->password is null")); + return SIADFAIL; + } + + return doauth(entity, pkgind, name); +} + + +int +siad_ses_authent(sia_collect_func_t *collect, + SIAENTITY *entity, + int siastat, + int pkgind) +{ + SIA_DEBUG(("DEBUG", "siad_ses_authent")); + return common_auth(collect, entity, siastat, pkgind); +} + +int +siad_ses_estab(sia_collect_func_t *collect, + SIAENTITY *entity, int pkgind) +{ + SIA_DEBUG(("DEBUG", "siad_ses_estab")); + return SIADFAIL; +} + +int +siad_ses_launch(sia_collect_func_t *collect, + SIAENTITY *entity, + int pkgind) +{ + static char env[MaxPathLen]; + struct state *s = (struct state*)entity->mech[pkgind]; + SIA_DEBUG(("DEBUG", "siad_ses_launch")); + if(s->valid){ +#ifdef SIA_KRB5 + chown(s->ticket + sizeof("FILE:") - 1, + entity->pwd->pw_uid, + entity->pwd->pw_gid); + snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket); +#endif +#ifdef SIA_KRB4 + chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid); + snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket); +#endif + putenv(env); + } +#ifdef SIA_KRB5 + if (k_hasafs()) { + char cell[64]; + krb5_ccache ccache; + if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) { + k_setpag(); + if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0) + krb5_afslog(s->context, ccache, cell, 0); + krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir); + } + } +#endif +#ifdef SIA_KRB4 + if (k_hasafs()) { + char cell[64]; + k_setpag(); + if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0) + krb_afslog(cell, 0); + krb_afslog_home(0, 0, entity->pwd->pw_dir); + } +#endif + return SIADSUCCESS; +} + +int +siad_ses_release(SIAENTITY *entity, int pkgind) +{ + SIA_DEBUG(("DEBUG", "siad_ses_release")); + if(entity->mech[pkgind]){ +#ifdef SIA_KRB5 + struct state *s = (struct state*)entity->mech[pkgind]; + krb5_free_context(s->context); +#endif + free(entity->mech[pkgind]); + } + return SIADSUCCESS; +} + +int +siad_ses_suauthent(sia_collect_func_t *collect, + SIAENTITY *entity, + int siastat, + int pkgind) +{ + SIA_DEBUG(("DEBUG", "siad_ses_suauth")); + if(geteuid() != 0) + return SIADFAIL; + if(entity->name == NULL) + return SIADFAIL; + if(entity->name[0] == '\0') { + free(entity->name); + entity->name = strdup("root"); + if (entity->name == NULL) + return SIADFAIL; + } + return common_auth(collect, entity, siastat, pkgind); +} + +int +siad_ses_reauthent (sia_collect_func_t *collect, + SIAENTITY *entity, + int siastat, + int pkgind) +{ + int ret; + SIA_DEBUG(("DEBUG", "siad_ses_reauthent")); + if(entity == NULL || entity->name == NULL) + return SIADFAIL; + ret = common_auth(collect, entity, siastat, pkgind); + if((ret & SIADSUCCESS)){ + /* launch isn't (always?) called when doing reauth, so we must + duplicate some code here... */ + struct state *s = (struct state*)entity->mech[pkgind]; + chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid); +#ifdef SIA_KRB5 + if (k_hasafs()) { + char cell[64]; + krb5_ccache ccache; + if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) { + k_setpag(); + if(k_afs_cell_of_file(entity->pwd->pw_dir, + cell, sizeof(cell)) == 0) + krb5_afslog(s->context, ccache, cell, 0); + krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir); + } + } +#endif +#ifdef SIA_KRB4 + if(k_hasafs()) { + char cell[64]; + if(k_afs_cell_of_file(entity->pwd->pw_dir, + cell, sizeof(cell)) == 0) + krb_afslog(cell, 0); + krb_afslog_home(0, 0, entity->pwd->pw_dir); + } +#endif + } + return ret; +} + +int +siad_chg_finger (sia_collect_func_t *collect, + const char *username, + int argc, + char *argv[]) +{ + SIA_DEBUG(("DEBUG", "siad_chg_finger")); + return SIADFAIL; +} + +#ifdef SIA_KRB5 +int +siad_chg_password (sia_collect_func_t *collect, + const char *username, + int argc, + char *argv[]) +{ + return SIADFAIL; +} +#endif + +#ifdef SIA_KRB4 +static void +sia_message(sia_collect_func_t *collect, int rendition, + const char *title, const char *message) +{ + prompt_t prompt; + prompt.prompt = (unsigned char*)message; + (*collect)(0, rendition, (unsigned char*)title, 1, &prompt); +} + +static int +init_change(sia_collect_func_t *collect, krb_principal *princ) +{ + prompt_t prompt; + char old_pw[MAX_KPW_LEN+1]; + char *msg; + char tktstring[128]; + int ret; + + SIA_DEBUG(("DEBUG", "init_change")); + prompt.prompt = (unsigned char*)"Old password: "; + prompt.result = (unsigned char*)old_pw; + prompt.min_result_length = 0; + prompt.max_result_length = sizeof(old_pw) - 1; + prompt.control_flags = SIARESINVIS; + asprintf(&msg, "Changing password for %s", krb_unparse_name(princ)); + if(msg == NULL){ + SIA_DEBUG(("DEBUG", "out of memory")); + return SIADFAIL; + } + ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt); + free(msg); + SIA_DEBUG(("DEBUG", "ret = %d", ret)); + if(ret != SIACOLSUCCESS) + return SIADFAIL; + snprintf(tktstring, sizeof(tktstring), + "%s_cpw_%u", TKT_ROOT, (unsigned)getpid()); + krb_set_tkt_string(tktstring); + + ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, + PWSERV_NAME, KADM_SINST, 1, old_pw); + if (ret != KSUCCESS) { + SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret))); + if (ret == INTK_BADPW) + sia_message(collect, SIAWARNING, "", "Incorrect old password."); + else + sia_message(collect, SIAWARNING, "", "Kerberos error."); + memset(old_pw, 0, sizeof(old_pw)); + return SIADFAIL; + } + if(chown(tktstring, getuid(), -1) < 0){ + dest_tkt(); + return SIADFAIL; + } + memset(old_pw, 0, sizeof(old_pw)); + return SIADSUCCESS; +} + +int +siad_chg_password (sia_collect_func_t *collect, + const char *username, + int argc, + char *argv[]) +{ + prompt_t prompts[2]; + krb_principal princ; + int ret; + char new_pw1[MAX_KPW_LEN+1]; + char new_pw2[MAX_KPW_LEN+1]; + static struct et_list *et_list; + + setprogname(argv[0]); + + SIA_DEBUG(("DEBUG", "siad_chg_password")); + if(collect == NULL) + return SIADFAIL; + + if(username == NULL) + username = getlogin(); + + ret = krb_parse_name(username, &princ); + if(ret) + return SIADFAIL; + if(princ.realm[0] == '\0') + krb_get_lrealm(princ.realm, 1); + + if(et_list == NULL) { + initialize_kadm_error_table_r(&et_list); + initialize_krb_error_table_r(&et_list); + } + + ret = init_change(collect, &princ); + if(ret != SIADSUCCESS) + return ret; + +again: + prompts[0].prompt = (unsigned char*)"New password: "; + prompts[0].result = (unsigned char*)new_pw1; + prompts[0].min_result_length = MIN_KPW_LEN; + prompts[0].max_result_length = sizeof(new_pw1) - 1; + prompts[0].control_flags = SIARESINVIS; + prompts[1].prompt = (unsigned char*)"Verify new password: "; + prompts[1].result = (unsigned char*)new_pw2; + prompts[1].min_result_length = MIN_KPW_LEN; + prompts[1].max_result_length = sizeof(new_pw2) - 1; + prompts[1].control_flags = SIARESINVIS; + if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != + SIACOLSUCCESS) { + dest_tkt(); + return SIADFAIL; + } + if(strcmp(new_pw1, new_pw2) != 0){ + sia_message(collect, SIAWARNING, "", "Password mismatch."); + goto again; + } + ret = kadm_check_pw(new_pw1); + if(ret) { + sia_message(collect, SIAWARNING, "", com_right(et_list, ret)); + goto again; + } + + memset(new_pw2, 0, sizeof(new_pw2)); + ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm); + if (ret != KADM_SUCCESS) + sia_message(collect, SIAWARNING, "Error initing kadmin connection", + com_right(et_list, ret)); + else { + des_cblock newkey; + char *pw_msg; /* message from server */ + + des_string_to_key(new_pw1, &newkey); + ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg); + memset(newkey, 0, sizeof(newkey)); + + if (ret == KADM_INSECURE_PW) + sia_message(collect, SIAWARNING, "Insecure password", pw_msg); + else if (ret != KADM_SUCCESS) + sia_message(collect, SIAWARNING, "Error changing password", + com_right(et_list, ret)); + } + memset(new_pw1, 0, sizeof(new_pw1)); + + if (ret != KADM_SUCCESS) + sia_message(collect, SIAWARNING, "", "Password NOT changed."); + else + sia_message(collect, SIAINFO, "", "Password changed."); + + dest_tkt(); + if(ret) + return SIADFAIL; + return SIADSUCCESS; +} +#endif + +int +siad_chg_shell (sia_collect_func_t *collect, + const char *username, + int argc, + char *argv[]) +{ + return SIADFAIL; +} + +int +siad_getpwent(struct passwd *result, + char *buf, + int bufsize, + struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_getpwuid (uid_t uid, + struct passwd *result, + char *buf, + int bufsize, + struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_getpwnam (const char *name, + struct passwd *result, + char *buf, + int bufsize, + struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_setpwent (struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_endpwent (struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_getgrent(struct group *result, + char *buf, + int bufsize, + struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_getgrgid (gid_t gid, + struct group *result, + char *buf, + int bufsize, + struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_getgrnam (const char *name, + struct group *result, + char *buf, + int bufsize, + struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_setgrent (struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_endgrent (struct sia_context *context) +{ + return SIADFAIL; +} + +int +siad_chk_user (const char *logname, int checkflag) +{ + if(checkflag != CHGPASSWD) + return SIADFAIL; + return SIADSUCCESS; +} diff --git a/lib/auth/sia/sia_locl.h b/lib/auth/sia/sia_locl.h new file mode 100644 index 0000000..81e8439 --- /dev/null +++ b/lib/auth/sia/sia_locl.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +/* $Id: sia_locl.h 10688 2001-09-13 01:15:34Z assar $ */ + +#ifndef __sia_locl_h__ +#define __sia_locl_h__ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <ctype.h> +#include <stdio.h> +#include <string.h> +#include <siad.h> +#include <pwd.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <roken.h> + +#ifdef KRB5 +#define SIA_KRB5 +#elif defined(KRB4) +#define SIA_KRB4 +#endif + +#ifdef SIA_KRB5 +#include <krb5.h> +#include <com_err.h> +#endif +#ifdef SIA_KRB4 +#include <krb.h> +#include <krb_err.h> +#include <kadm.h> +#include <kadm_err.h> +#endif +#ifdef KRB4 +#include <kafs.h> +#endif + +#ifndef POSIX_GETPWNAM_R + +#define getpwnam_r posix_getpwnam_r +#define getpwuid_r posix_getpwuid_r + +#endif /* POSIX_GETPWNAM_R */ + +#ifndef DEBUG +#define SIA_DEBUG(X) +#else +#define SIA_DEBUG(X) SIALOG X +#endif + +struct state{ +#ifdef SIA_KRB5 + krb5_context context; + krb5_auth_context auth_context; +#endif + char ticket[MaxPathLen]; + int valid; +}; + +#endif /* __sia_locl_h__ */ |
